Windows Analysis Report
SysrI6zSkJ.exe

Overview

General Information

Sample name: SysrI6zSkJ.exe (renamed because original name is a hash value)
Original sample name: 2e501240ec8b9aab46d76a6504e44882.exe
Analysis ID: 1402122
MD5: 2e501240ec8b9aab46d76a6504e44882
SHA1: 1a97d7662e66502faa5a7718565bb362eb6f27bd
SHA256: 582cf0470ba0d2c2ef2c3fee83442db0e345656f7d7c46ee5b613998fdd6ee00
Tags: exe, RedLineStealer

Detection

RedLine
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected RedLine Stealer
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: WScript or CScript Dropper
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses cmd line tools excessively to alter registry or file data
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Yara detected EXE embedded in BAT file
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file does not import any functions
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Direct Autorun Keys Modification
Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Tries to load missing DLLs
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Uses the system / local time for branch decision (may execute only at specific dates)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • SysrI6zSkJ.exe (PID: 7432 cmdline: C:\Users\user\Desktop\SysrI6zSkJ.exe MD5: 2E501240EC8B9AAB46D76A6504E44882)
    • reg.exe (PID: 7464 cmdline: REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe MD5: 227F63E1D9008B36BDBCC4B397780BE4)
      • conhost.exe (PID: 7480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7472 cmdline: cmd.exe /c C:\ProgramData\WinNet\embedded.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • embedded.exe (PID: 7592 cmdline: C:\ProgramData\WinNet\embedded.exe MD5: DB408CB75C1D0DA769C19A6CBBE60D87)
        • reg.exe (PID: 7704 cmdline: REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe MD5: 227F63E1D9008B36BDBCC4B397780BE4)
          • conhost.exe (PID: 7724 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 7712 cmdline: cmd.exe /c C:\ProgramData\WinNet\AnyDesk.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 7744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • AnyDesk.exe (PID: 7872 cmdline: C:\ProgramData\WinNet\AnyDesk.exe MD5: A21768190F3B9FEAE33AAEF660CB7A83)
            • AnyDesk.exe (PID: 8108 cmdline: "C:\ProgramData\WinNet\AnyDesk.exe" --local-service MD5: A21768190F3B9FEAE33AAEF660CB7A83)
            • AnyDesk.exe (PID: 8116 cmdline: "C:\ProgramData\WinNet\AnyDesk.exe" --local-control MD5: A21768190F3B9FEAE33AAEF660CB7A83)
        • cmd.exe (PID: 7736 cmdline: cmd.exe /c C:\ProgramData\WinNet\p.vbs MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 7768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • wscript.exe (PID: 7928 cmdline: "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
            • gg.exe (PID: 8008 cmdline: "C:\ProgramData\WinNet\gg.exe" MD5: 20AB063F206EB8115FDE1479E05C245E)
    • cmd.exe (PID: 7488 cmdline: cmd.exe /c C:\ProgramData\WinNet\p.vbs MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • wscript.exe (PID: 7648 cmdline: "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
        • gg.exe (PID: 7788 cmdline: "C:\ProgramData\WinNet\gg.exe" MD5: 20AB063F206EB8115FDE1479E05C245E)
  • gg.exe (PID: 7500 cmdline: "C:\ProgramData\WinNet\gg.exe" MD5: 20AB063F206EB8115FDE1479E05C245E)
  • gg.exe (PID: 7976 cmdline: "C:\ProgramData\WinNet\gg.exe" MD5: 20AB063F206EB8115FDE1479E05C245E)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": "67.203.7.148:2909", "Authorization Header": "1c494bfb642e6b40ce5b6d4207377297"}
Source | Rule | Description | Author | Strings
SysrI6zSkJ.exe | JoeSecurity_EXEembeddedinBATfile | Yara detected EXE embedded in BAT file | Joe Security |

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security |
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\ProgramData\WinNet\gg.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
C:\ProgramData\WinNet\embedded.exe | JoeSecurity_EXEembeddedinBATfile | Yara detected EXE embedded in BAT file | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000003.2259823166.000001589E200000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
15.0.gg.exe.d60000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
7.2.embedded.exe.22f0bb80098.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
7.2.embedded.exe.22f0bb80098.0.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0.3.SysrI6zSkJ.exe.1589e200098.1.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0.3.SysrI6zSkJ.exe.1589e200098.1.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

                                System Summary

                                Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: cmd.exe /c C:\ProgramData\WinNet\p.vbs, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7488, ParentProcessName: cmd.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs" , ProcessId: 7648, ProcessName: wscript.exe
                                Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\ProgramData\WinNet\gg.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\reg.exe, ProcessId: 7464, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Repository
                                Source: Process started, Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: Data: Command: REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe, CommandLine: REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe, CommandLine|base64offset|contains: DA, Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: C:\Users\user\Desktop\SysrI6zSkJ.exe, ParentImage: C:\Users\user\Desktop\SysrI6zSkJ.exe, ParentProcessId: 7432, ParentProcessName: SysrI6zSkJ.exe, ProcessCommandLine: REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe, ProcessId: 7464, ProcessName: reg.exe
                                Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe, CommandLine: REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe, CommandLine|base64offset|contains: DA, Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: C:\Users\user\Desktop\SysrI6zSkJ.exe, ParentImage: C:\Users\user\Desktop\SysrI6zSkJ.exe, ParentProcessId: 7432, ParentProcessName: SysrI6zSkJ.exe, ProcessCommandLine: REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe, ProcessId: 7464, ProcessName: reg.exe
                                Source: Process started, Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: cmd.exe /c C:\ProgramData\WinNet\p.vbs, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7488, ParentProcessName: cmd.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs" , ProcessId: 7648, ProcessName: wscript.exe
                                Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
                                03/03/24-13:32:21.412111 | 2046056 | 2909 | 49738 | TCP | A Network Trojan was detected
                                03/03/24-13:32:12.962499 | 2043231 | 49730 | 2909 | TCP | A Network Trojan was detected
                                03/03/24-13:32:05.128395 | 2046056 | 2909 | 49729 | TCP | A Network Trojan was detected
                                03/03/24-13:32:05.256436 | 2046056 | 2909 | 49730 | TCP | A Network Trojan was detected
                                03/03/24-13:31:59.867235 | 2046045 | 49730 | 2909 | TCP | A Network Trojan was detected
                                03/03/24-13:31:59.719964 | 2046045 | 49729 | 2909 | TCP | A Network Trojan was detected
                                03/03/24-13:31:59.883479 | 2043234 | 2909 | 49729 | TCP | A Network Trojan was detected
                                03/03/24-13:32:00.028789 | 2043234 | 2909 | 49730 | TCP | A Network Trojan was detected
                                03/03/24-13:32:16.020247 | 2046045 | 49738 | 2909 | TCP | A Network Trojan was detected
                                03/03/24-13:32:16.182547 | 2043234 | 2909 | 49738 | TCP | A Network Trojan was detected
                                03/03/24-13:32:10.977333 | 2043231 | 49729 | 2909 | TCP | A Network Trojan was detected
                                03/03/24-13:32:26.512386 | 2043231 | 49738 | 2909 | TCP | A Network Trojan was detected

                                AV Detection

                                Source: 15.0.gg.exe.d60000.0.unpack, Malware Configuration Extractor: RedLine {"C2 url": "67.203.7.148:2909", "Authorization Header": "1c494bfb642e6b40ce5b6d4207377297"}
                                Source: C:\ProgramData\WinNet\embedded.exe, ReversingLabs: Detection: 58%
                                Source: C:\ProgramData\WinNet\gg.exe, ReversingLabs: Detection: 71%
                                Source: SysrI6zSkJ.exe, ReversingLabs: Detection: 39%
                                Source: unknown, HTTPS traffic detected: 37.59.29.33:443 -> 192.168.2.4:49731 version: TLS 1.2
                                Source: unknown, HTTPS traffic detected: 64.31.23.30:443 -> 192.168.2.4:49733 version: TLS 1.2
                                Source: SysrI6zSkJ.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                Source: Binary string: C:\b\build\slave\win\build\src\out\Release\gcapi_dll.dll.pdbGCTL source: AnyDesk.exe, 00000013.00000003.1980331395.0000000004F61000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\dwm_dda-64\privacy_feature\privacy_feature.pdb source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003B83000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\dwm_dda-64\win_dwm\win_dwm.pdb source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\b\s\w\ir\x\w\sdk\out\ReleaseX64\dart_precompiled_runtime_product.exe.pdb source: SysrI6zSkJ.exe, 00000000.00000003.2258580120.000001589FD80000.00000004.00001000.00020000.00000000.sdmp, SysrI6zSkJ.exe, 00000000.00000000.1627710192.00007FF75320E000.00000002.00000001.01000000.00000003.sdmp, SysrI6zSkJ.exe, 00000000.00000002.3480634743.00007FF75320E000.00000002.00000001.01000000.00000003.sdmp, embedded.exe, 00000007.00000002.3479713989.00007FF79F51E000.00000002.00000001.01000000.00000004.sdmp, embedded.exe, 00000007.00000000.1635812849.00007FF79F51E000.00000002.00000001.01000000.00000004.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\app-32\win_app\win_app.pdb source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003451000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000013.00000002.3477631483.00000000016E9000.00000002.00000001.01000000.00000009.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\dwm_dda-32\win_dwm\win_dwm.pdb source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003451000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\b\build\slave\win\build\src\out\Release\gcapi_dll.dll.pdb source: AnyDesk.exe, 00000013.00000003.1980331395.0000000004F61000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: SAS.pdbR source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003451000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\dwm_dda-32\privacy_feature\privacy_feature.pdb source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: SAS.pdb source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003451000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\app-32\win_loader\AnyDesk.pdb source: AnyDesk.exe, 00000010.00000000.1646823942.0000000001EE3000.00000002.00000001.01000000.00000009.sdmp, AnyDesk.exe, 00000013.00000002.3478942451.0000000001EE3000.00000002.00000001.01000000.00000009.sdmp
                                Source: Binary string: C:\b\s\w\ir\x\w\sdk\out\ReleaseX64\dart_precompiled_runtime_product.exe.pdbd source: SysrI6zSkJ.exe, 00000000.00000003.2258580120.000001589FD80000.00000004.00001000.00020000.00000000.sdmp, SysrI6zSkJ.exe, 00000000.00000000.1627710192.00007FF75320E000.00000002.00000001.01000000.00000003.sdmp, SysrI6zSkJ.exe, 00000000.00000002.3480634743.00007FF75320E000.00000002.00000001.01000000.00000003.sdmp, embedded.exe, 00000007.00000002.3479713989.00007FF79F51E000.00000002.00000001.01000000.00000004.sdmp, embedded.exe, 00000007.00000000.1635812849.00007FF79F51E000.00000002.00000001.01000000.00000004.sdmp
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 096A8C82h15_2_096A8860
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 096A9102h15_2_096A8860
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h15_2_096A94C8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 096A68B5h15_2_096A64E8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 096A68B5h15_2_096A64D8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 096A7F57h15_2_096A7F3F
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 0617C21Dh18_2_0617BF58
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 0617F2E0h18_2_0617EDE8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 0617CA1Fh18_2_0617C2C0
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 061783DCh18_2_0617811B
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then inc dword ptr [ebp-20h]18_2_06172681
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 0617AD8Ah18_2_0617AD72
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then inc dword ptr [ebp-20h]18_2_061723B0
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 071A5A1Bh18_2_071A57E8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h18_2_071A6288
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 071A7C55h18_2_071A7C34
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 071A6D55h18_2_071A6978
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 079B9883h21_2_079B9650
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h21_2_079B9F30
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then inc dword ptr [ebp-20h]21_2_079B2680
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then inc dword ptr [ebp-20h]21_2_079B23B0
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 07BF7C9Fh21_2_07BF7540
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 07BFA968h21_2_07BFA470
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 07BF749Dh21_2_07BF71D8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 07BF50D3h21_2_07BF50BB
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 09657012h21_2_09656BF0
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 09657492h21_2_09656BF0
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 09658791h21_2_096584D1
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 0965619Dh21_2_0965617C
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 0965529Dh21_2_09654EC0
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 05A2D80Fh23_2_05A2D0B0
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 05A2FD53h23_2_05A2FB20
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then inc dword ptr [ebp-20h]23_2_05A22680
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 05A2A1EBh23_2_05A2A1D3
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then inc dword ptr [ebp-20h]23_2_05A223B0
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 05A2DEA5h23_2_05A2DAC9
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 062856A0h23_2_062851A8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 0628329Bh23_2_06282FD8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 06280F43h23_2_06280C80
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 4x nop then jmp 06282445h23_2_06282424

                                Networking

                                Source: Traffic, Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.4:49729 -> 67.203.7.148:2909
                                Source: Traffic, Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49729 -> 67.203.7.148:2909
                                Source: Traffic, Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.4:49730 -> 67.203.7.148:2909
                                Source: Traffic, Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49730 -> 67.203.7.148:2909
                                Source: Traffic, Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 67.203.7.148:2909 -> 192.168.2.4:49729
                                Source: Traffic, Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 67.203.7.148:2909 -> 192.168.2.4:49730
                                Source: Traffic, Snort IDS: 2046056 ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) 67.203.7.148:2909 -> 192.168.2.4:49729
                                Source: Traffic, Snort IDS: 2046056 ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) 67.203.7.148:2909 -> 192.168.2.4:49730
                                Source: Traffic, Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.4:49738 -> 67.203.7.148:2909
                                Source: Traffic, Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49738 -> 67.203.7.148:2909
                                Source: Traffic, Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 67.203.7.148:2909 -> 192.168.2.4:49738
                                Source: Traffic, Snort IDS: 2046056 ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) 67.203.7.148:2909 -> 192.168.2.4:49738
                                Source: Malware configuration extractor, URLs: 67.203.7.148:2909
                                Source: global traffic, TCP traffic: 192.168.2.4:49729 -> 67.203.7.148:2909
                                Source: Joe Sandbox View, ASN Name: AS-COLOAMUS AS-COLOAMUS
                                Source: Joe Sandbox View, JA3 fingerprint: c91bde19008eefabce276152ccd51457
                                Source: unknown, TCP traffic detected without corresponding DNS query: 67.203.7.148
                                Source: unknown | DNS traffic detected: queries for: boot.net.anydesk.com
                                Source: unknown | HTTP traffic detected: POST /httpapi HTTP/1.1 Host: api.playanext.com User-Agent: AnyDesk/8.0.8 Accept: */* Content-Length: 352 Content-Type: application/x-www-form-urlencoded api_key=c1426bd258099fa69f62933b466d4b77&event=[{"event_type":"check_offer","user_id":"db0d1542804f0aa5d1ce823eaac0ccac","session_id":1709469788715058,"ip":"$remote","event_properties":{"method_used":"Google Chrome Criteria Checker","offer_product":"Google Chrome","distributor":"AnyDesk","distributor_product":"AnyDesk","user_country":"Switzerland"}}
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                                Source: gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertyh
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.00000000032F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10ResponseD
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.00000000031BE000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000035BE000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.00000000031BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000035BE000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.00000000032F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.00000000032F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.00000000032F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                                Source: gg.exe, 0000000F.00000002.1905680590.0000000003616000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.00000000031BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.00000000032A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.00000000032A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.00000000032A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003332000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                                Source: gg.exe, 0000000F.00000002.1905680590.0000000003797000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003332000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003213000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 0000000F.00000002.1905680590.00000000035BE000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.00000000032F2000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                                Source: gg.exe, 0000000F.00000002.1905680590.0000000003797000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003332000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1888129500.0000000004180000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.00000000032A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
                                Source: gg.exe, 0000000F.00000002.1909250900.0000000004301000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                                Source: gg.exe, 0000000F.00000002.1905680590.0000000003793000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.00000000032A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.00000000032A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 0000000F.00000002.1905680590.0000000003797000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                                Source: gg.exe, 0000000F.00000002.1905680590.0000000003797000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.00000000032F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                                Source: gg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.00000000032A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
                                Source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003451000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000013.00000002.3477631483.00000000016E9000.00000002.00000001.01000000.00000009.sdmp, AnyDesk.exe, 00000013.00000003.1678141318.0000000003182000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gimp.org/xmp/
                                Source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003451000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000013.00000002.3477631483.00000000016E9000.00000002.00000001.01000000.00000009.sdmp, AnyDesk.exe, 00000013.00000003.1678141318.0000000003182000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.opengl.org/registry/
                                Source: AnyDesk.exe, 00000013.00000003.1678141318.0000000003182000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.openssl.org/)
                                Source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003451000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000013.00000002.3477631483.00000000016E9000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.openssl.org/support/faq.html
                                Source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003451000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000013.00000002.3477631483.00000000016E9000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.openssl.org/support/faq.htmlEC_PRIVATEKEYpublicKeyparametersprivateKeyECPKPARAMETERSvalue
                                Source: gg.exe, 0000000F.00000002.1909250900.0000000004301000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1888129500.00000000042F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                                Source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003451000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000013.00000002.3477631483.00000000016E9000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://anydesk.com
                                Source: unknown. Network traffic detected: HTTP traffic on port 49733 -> 443
                                Source: unknown. Network traffic detected: HTTP traffic on port 443 -> 49733
                                Source: unknown. Network traffic detected: HTTP traffic on port 443 -> 49731
                                Source: unknown. Network traffic detected: HTTP traffic on port 49731 -> 443
                                Source: unknown. HTTPS traffic detected: 37.59.29.33:443 -> 192.168.2.4:49731 version: TLS 1.2
                                Source: unknown. HTTPS traffic detected: 64.31.23.30:443 -> 192.168.2.4:49733 version: TLS 1.2
                                Source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003451000.00000004.00000020.00020000.00000000.sdmp. Binary or memory string: DirectDrawCreateEx (memstr_0888e1e9-4)
                                Source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003451000.00000004.00000020.00020000.00000000.sdmp. Binary or memory string: GetRawInputData (memstr_d5e2b639-3)

                                System Summary

                                Source: C:\Windows\System32\wscript.exe. COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                Source: C:\ProgramData\WinNet\AnyDesk.exe. Code function: 19_2_69C3B6C0 new, SetHandleInformation, CreateEnvironmentBlock, CreateProcessAsUserW, DestroyEnvironmentBlock, CreateProcessW, AssignProcessToJobObject, GetCurrentProcess, GetCurrentProcess, TerminateProcess, GetCurrentProcess, WaitForSingleObject, ResumeThread, WaitForSingleObject
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_079BAC1821_2_079BAC18
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_079B6BD021_2_079B6BD0
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_079B08E821_2_079B08E8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_079BA6A921_2_079BA6A9
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_079B5FB821_2_079B5FB8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_079B9F2121_2_079B9F21
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_079BAC0921_2_079BAC09
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_079B08D821_2_079B08D8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_07BF579821_2_07BF5798
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_07BF47D021_2_07BF47D0
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_07BF754021_2_07BF7540
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_07BFA47021_2_07BFA470
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_07BFC27021_2_07BFC270
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_07BF406821_2_07BF4068
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_07BFCFC821_2_07BFCFC8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_07BF7E5821_2_07BF7E58
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_07BF3A2821_2_07BF3A28
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_07BF88D121_2_07BF88D1
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_07BF405721_2_07BF4057
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_07BF5EA221_2_07BF5EA2
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_07BF3A1821_2_07BF3A18
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_07BF198821_2_07BF1988
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_07BF197921_2_07BF1979
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_07BF195021_2_07BF1950
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_07BF68A021_2_07BF68A0
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_0965316021_2_09653160
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_0965792821_2_09657928
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_09653B6821_2_09653B68
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_09656BF021_2_09656BF0
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_09652A5C21_2_09652A5C
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_0965623021_2_09656230
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_096542B421_2_096542B4
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_0965AA9121_2_0965AA91
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_096525D921_2_096525D9
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_096584D121_2_096584D1
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_096554BF21_2_096554BF
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_096517A821_2_096517A8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_09651F8021_2_09651F80
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_0965315021_2_09653150
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_09650B7021_2_09650B70
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_09656BE021_2_09656BE0
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_0965622021_2_09656220
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_09650F3021_2_09650F30
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_09654EC021_2_09654EC0
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_0263DC7423_2_0263DC74
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_05A2C6E023_2_05A2C6E0
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_05A286D823_2_05A286D8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_05A2918023_2_05A29180
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_05A2A8AF23_2_05A2A8AF
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_05A2D0B023_2_05A2D0B0
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_05A208E823_2_05A208E8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_05A298E823_2_05A298E8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_05A2E03823_2_05A2E038
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_05A28B4023_2_05A28B40
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_05A2635023_2_05A26350
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_05A25A8023_2_05A25A80
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_05A2AFB023_2_05A2AFB0
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_05A2573823_2_05A25738
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_05A286C823_2_05A286C8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_05A208D823_2_05A208D8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_05A28B3123_2_05A28B31
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_05A2EAE923_2_05A2EAE9
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_05A2DAC923_2_05A2DAC9
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_0628176823_2_06281768
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_062874F823_2_062874F8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_062824D823_2_062824D8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_062805E823_2_062805E8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_0628D22023_2_0628D220
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_0628810823_2_06288108
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_062851A823_2_062851A8
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_06280C8023_2_06280C80
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_062839D023_2_062839D0
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_062824C823_2_062824C8
Source: Joe Sandbox View, Dropped File: C:\ProgramData\WinNet\gcapi.dll 73170761D6776C0DEBACFBBC61B6988CB8270A20174BF5C049768A264BB8FFAF
Source: C:\ProgramData\WinNet\AnyDesk.exe, Code function: String function: 69C22EA0 appears 47 times
Source: C:\ProgramData\WinNet\AnyDesk.exe, Code function: String function: 69C22340 appears 31 times
Source: C:\ProgramData\WinNet\AnyDesk.exe, Code function: String function: 69C26EC0 appears 51 times
Source: C:\ProgramData\WinNet\AnyDesk.exe, Code function: String function: 69C3FC11 appears 50 times
Source: C:\ProgramData\WinNet\AnyDesk.exe, Code function: String function: 69C41630 appears 48 times
Source: AnyDesk.exe.7.dr, Static PE information: No import functions for PE file found
Source: SysrI6zSkJ.exe, 00000000.00000003.2259823166.000001589E241000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameAstutest.exe8 vs SysrI6zSkJ.exe
Source: C:\Users\user\Desktop\SysrI6zSkJ.exe, Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SysrI6zSkJ.exe, Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\SysrI6zSkJ.exe, Section loaded: dbghelp.dll
Source: C:\Users\user\Desktop\SysrI6zSkJ.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: apphelp.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: windows.storage.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: wldp.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: uxtheme.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: propsys.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: profapi.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: edputil.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: urlmon.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: iertutil.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: srvcli.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: netutils.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: policymanager.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: wintypes.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: appresolver.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: bcp47langs.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: slc.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: userenv.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: sppc.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: pcacli.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: mpr.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: sfc_os.dll
Source: C:\ProgramData\WinNet\embedded.exe, Section loaded: apphelp.dll
Source: C:\ProgramData\WinNet\embedded.exe, Section loaded: iphlpapi.dll
Source: C:\ProgramData\WinNet\embedded.exe, Section loaded: dbghelp.dll
Source: C:\ProgramData\WinNet\embedded.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: vbscript.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: scrrun.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: windows.storage.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: propsys.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: apphelp.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: dlnashext.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: wpdshext.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: edputil.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: urlmon.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: srvcli.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: netutils.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: appresolver.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: bcp47langs.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: slc.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: sppc.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\wscript.exe, Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: apphelp.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: windows.storage.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: wldp.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: uxtheme.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: propsys.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: profapi.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: edputil.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: urlmon.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: iertutil.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: srvcli.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: netutils.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: policymanager.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: wintypes.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: appresolver.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: bcp47langs.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: slc.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: userenv.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: sppc.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: pcacli.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: mpr.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: sfc_os.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: mscoree.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: apphelp.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: kernel.appcore.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: version.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: vcruntime140_clr0400.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: uxtheme.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: windows.storage.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: wldp.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: profapi.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: cryptsp.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: rsaenh.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: cryptbase.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: dwrite.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: msvcp140_clr0400.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: textshaping.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: textinputframework.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: coreuicomponents.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: coremessaging.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: ntmarta.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: coremessaging.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: wintypes.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: wintypes.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: wintypes.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: mswsock.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: sspicli.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: secur32.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: wbemcomn.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: amsi.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: userenv.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: windowscodecs.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: dpapi.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: rstrtmgr.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: ncrypt.dll
Source: C:\ProgramData\WinNet\gg.exe, Section loaded: ntasn1.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: winmm.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: iphlpapi.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: winhttp.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: secur32.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: sspicli.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: msimg32.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: usp10.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: kernel.appcore.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: uxtheme.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: windows.storage.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: wldp.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: profapi.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: ntmarta.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: windowscodecs.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: thumbcache.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: policymanager.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: msvcp110_win.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: dpapi.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: cryptbase.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: wtsapi32.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: propsys.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: linkinfo.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: ntshrui.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: srvcli.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: cscapi.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: wtsapi32.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: textshaping.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: dwmapi.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: textinputframework.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: coreuicomponents.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: coremessaging.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: coremessaging.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: wintypes.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: wintypes.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: wintypes.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: explorerframe.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: wtsapi32.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: wbemcomn.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: amsi.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: userenv.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: version.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: dataexchange.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: d3d11.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: dcomp.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: dxgi.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: twinapi.appcore.dll
Source: C:\ProgramData\WinNet\AnyDesk.exe, Section loaded: wtsapi32.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: dlnashext.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: wpdshext.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: slc.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: mscoree.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: version.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: rsaenh.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: dwrite.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: msvcp140_clr0400.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: textshaping.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: textinputframework.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: coreuicomponents.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: coremessaging.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ntmarta.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: secur32.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wbemcomn.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: amsi.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: dpapi.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: rstrtmgr.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ncrypt.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ntasn1.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: windowscodecs.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: winmm.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: iphlpapi.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: winhttp.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: secur32.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: sspicli.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: msimg32.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: usp10.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: kernel.appcore.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: uxtheme.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: windows.storage.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: wldp.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: profapi.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: ntmarta.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: firewallapi.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: dnsapi.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: fwbase.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: fwpolicyiomgr.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: cryptsp.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: rsaenh.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: cryptbase.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: netapi32.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: netutils.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: wkscli.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: srvcli.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: netprofm.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: npmproxy.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: dhcpcsvc.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: mswsock.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: rasadhlp.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: fwpuclnt.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: version.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: userenv.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: winmm.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: iphlpapi.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: winhttp.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: secur32.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: sspicli.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: msimg32.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: usp10.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: kernel.appcore.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: uxtheme.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: windows.storage.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: wldp.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: profapi.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: ntmarta.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: windowscodecs.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: thumbcache.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: policymanager.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: msvcp110_win.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: wtsapi32.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: dpapi.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: cryptbase.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: dhcpcsvc.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: version.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: userenv.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: mscoree.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: kernel.appcore.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: version.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: uxtheme.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: windows.storage.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wldp.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: profapi.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: cryptsp.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: rsaenh.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: cryptbase.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: dwrite.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: msvcp140_clr0400.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: textshaping.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: textinputframework.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: coreuicomponents.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: coremessaging.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ntmarta.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: coremessaging.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wintypes.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wintypes.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wintypes.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: mswsock.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: sspicli.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: secur32.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wbemcomn.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: amsi.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: userenv.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: windowscodecs.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: dpapi.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: rstrtmgr.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ncrypt.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ntasn1.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: mscoree.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: kernel.appcore.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: version.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: uxtheme.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: windows.storage.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wldp.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: profapi.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: cryptsp.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: rsaenh.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: cryptbase.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: dwrite.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: msvcp140_clr0400.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: textshaping.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: textinputframework.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: coreuicomponents.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: coremessaging.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ntmarta.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wintypes.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wintypes.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wintypes.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: mswsock.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: secur32.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: sspicli.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wbemcomn.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: amsi.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: userenv.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: dpapi.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: rstrtmgr.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ncrypt.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ntasn1.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\SysrI6zSkJ.exe Process created: C:\Windows\System32\reg.exe REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe
Source: classification engine Classification label: mal76.troj.spyw.evad.winEXE@39/13@3/4
Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: 19_2_69C229A0 FormatMessageA,GetLastError,19_2_69C229A0
Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: 19_2_69C5FFEC LaunchGoogleChrome,CoInitializeEx,CoInitializeSecurity,GetCurrentProcessId,GetShellWindow,GetWindowThreadProcessId,LocalFree,OpenProcess,OpenProcessToken,DuplicateTokenEx,ImpersonateLoggedOnUser,CloseHandle,CloseHandle,CloseHandle,LocalFree,LocalFree,CoCreateInstance,RevertToSelf,CoUninitialize,19_2_69C5FFEC
Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: 19_2_69C62CE9 LoadResource,LockResource,SizeofResource,19_2_69C62CE9
Source: C:\ProgramData\WinNet\gg.exe File created: C:\Users\user\AppData\Local\SystemCache
Source: C:\ProgramData\WinNet\AnyDesk.exe File created: C:\Users\user\AppData\Local\Temp\gcapi.dll
Source: C:\Users\user\Desktop\SysrI6zSkJ.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\WinNet\p.vbs
Source: SysrI6zSkJ.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\ProgramData\WinNet\gg.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\ProgramData\WinNet\gg.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\ProgramData\WinNet\gg.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\ProgramData\WinNet\AnyDesk.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM Win32_Processor
                                Source: C:\Windows\System32\cmd.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                                Source: SysrI6zSkJ.exeReversingLabs: Detection: 39%
                                Source: AnyDesk.exeString found in binary or memory: Removed multi-install failure key; switching to channel:
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeFile read: C:\Users\user\Desktop\SysrI6zSkJ.exeJump to behavior
                                Source: unknownProcess created: C:\Users\user\Desktop\SysrI6zSkJ.exe C:\Users\user\Desktop\SysrI6zSkJ.exe
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeProcess created: C:\Windows\System32\reg.exe REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\WinNet\embedded.exe
                                Source: C:\Windows\System32\reg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\WinNet\p.vbs
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\WinNet\embedded.exe C:\ProgramData\WinNet\embedded.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs"
                                Source: C:\ProgramData\WinNet\embedded.exeProcess created: C:\Windows\System32\reg.exe REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe
                                Source: C:\ProgramData\WinNet\embedded.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\WinNet\AnyDesk.exe
                                Source: C:\Windows\System32\reg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\ProgramData\WinNet\embedded.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\WinNet\p.vbs
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\ProgramData\WinNet\gg.exe "C:\ProgramData\WinNet\gg.exe"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\WinNet\AnyDesk.exe C:\ProgramData\WinNet\AnyDesk.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs"
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\ProgramData\WinNet\gg.exe "C:\ProgramData\WinNet\gg.exe"
                                Source: C:\ProgramData\WinNet\AnyDesk.exeProcess created: C:\ProgramData\WinNet\AnyDesk.exe "C:\ProgramData\WinNet\AnyDesk.exe" --local-service
                                Source: C:\ProgramData\WinNet\AnyDesk.exeProcess created: C:\ProgramData\WinNet\AnyDesk.exe "C:\ProgramData\WinNet\AnyDesk.exe" --local-control
                                Source: unknownProcess created: C:\ProgramData\WinNet\gg.exe "C:\ProgramData\WinNet\gg.exe"
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeProcess created: C:\Windows\System32\reg.exe REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\WinNet\embedded.exe
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\WinNet\p.vbs
                                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
                                Source: C:\ProgramData\WinNet\AnyDesk.exeWindow found: window name: SysTabControl32
                                Source: C:\ProgramData\WinNet\gg.exeAutomated click: OK
                                Source: Window RecorderWindow detected: More than 3 window changes detected
                                Source: SysrI6zSkJ.exeStatic PE information: More than 302 > 100 exports found
                                Source: SysrI6zSkJ.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                                Source: SysrI6zSkJ.exeStatic PE information: Image base 0x140000000 > 0x60000000
                                Source: SysrI6zSkJ.exeStatic file information: File size 21906944 > 1048576
                                Source: SysrI6zSkJ.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x29d000
                                Source: SysrI6zSkJ.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x105200
                                Source: SysrI6zSkJ.exeStatic PE information: Raw size of snapshot is bigger than: 0x100000 < 0x110e600
                                Source: SysrI6zSkJ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                                Source: SysrI6zSkJ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                                Source: SysrI6zSkJ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                                Source: SysrI6zSkJ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                                Source: SysrI6zSkJ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                                Source: SysrI6zSkJ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                                Source: SysrI6zSkJ.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                Source: Binary string: C:\b\build\slave\win\build\src\out\Release\gcapi_dll.dll.pdbGCTL source: AnyDesk.exe, 00000013.00000003.1980331395.0000000004F61000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\dwm_dda-64\privacy_feature\privacy_feature.pdb source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003B83000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\dwm_dda-64\win_dwm\win_dwm.pdb source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\b\s\w\ir\x\w\sdk\out\ReleaseX64\dart_precompiled_runtime_product.exe.pdb source: SysrI6zSkJ.exe, 00000000.00000003.2258580120.000001589FD80000.00000004.00001000.00020000.00000000.sdmp, SysrI6zSkJ.exe, 00000000.00000000.1627710192.00007FF75320E000.00000002.00000001.01000000.00000003.sdmp, SysrI6zSkJ.exe, 00000000.00000002.3480634743.00007FF75320E000.00000002.00000001.01000000.00000003.sdmp, embedded.exe, 00000007.00000002.3479713989.00007FF79F51E000.00000002.00000001.01000000.00000004.sdmp, embedded.exe, 00000007.00000000.1635812849.00007FF79F51E000.00000002.00000001.01000000.00000004.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\app-32\win_app\win_app.pdb source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003451000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000013.00000002.3477631483.00000000016E9000.00000002.00000001.01000000.00000009.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\dwm_dda-32\win_dwm\win_dwm.pdb source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003451000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\b\build\slave\win\build\src\out\Release\gcapi_dll.dll.pdb source: AnyDesk.exe, 00000013.00000003.1980331395.0000000004F61000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: SAS.pdbR source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003451000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\dwm_dda-32\privacy_feature\privacy_feature.pdb source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: SAS.pdb source: AnyDesk.exe, 00000010.00000003.1659830296.0000000003451000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\app-32\win_loader\AnyDesk.pdb source: AnyDesk.exe, 00000010.00000000.1646823942.0000000001EE3000.00000002.00000001.01000000.00000009.sdmp, AnyDesk.exe, 00000013.00000002.3478942451.0000000001EE3000.00000002.00000001.01000000.00000009.sdmp
                                Source: Binary string: C:\b\s\w\ir\x\w\sdk\out\ReleaseX64\dart_precompiled_runtime_product.exe.pdbd source: SysrI6zSkJ.exe, 00000000.00000003.2258580120.000001589FD80000.00000004.00001000.00020000.00000000.sdmp, SysrI6zSkJ.exe, 00000000.00000000.1627710192.00007FF75320E000.00000002.00000001.01000000.00000003.sdmp, SysrI6zSkJ.exe, 00000000.00000002.3480634743.00007FF75320E000.00000002.00000001.01000000.00000003.sdmp, embedded.exe, 00000007.00000002.3479713989.00007FF79F51E000.00000002.00000001.01000000.00000004.sdmp, embedded.exe, 00000007.00000000.1635812849.00007FF79F51E000.00000002.00000001.01000000.00000004.sdmp
                                Source: SysrI6zSkJ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                                Source: SysrI6zSkJ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                                Source: SysrI6zSkJ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                                Source: SysrI6zSkJ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                                Source: SysrI6zSkJ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                                Data Obfuscation

                                Source: C:\ProgramData\WinNet\AnyDesk.exeUnpacked PE file: 19.2.AnyDesk.exe.ca0000.0.unpack .text:ER;.itext:W;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.itext:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
                                Source: C:\ProgramData\WinNet\AnyDesk.exeUnpacked PE file: 20.2.AnyDesk.exe.ca0000.0.unpack .text:ER;.itext:W;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.itext:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
                                Source: Yara matchFile source: SysrI6zSkJ.exe, type: SAMPLE
                                Source: Yara matchFile source: C:\ProgramData\WinNet\embedded.exe, type: DROPPED
                                Source: gg.exe.0.drStatic PE information: 0xAEA20DC3 [Sat Nov 4 08:52:19 2062 UTC]
                                Source: SysrI6zSkJ.exeStatic PE information: section name: _RDATA
                                Source: SysrI6zSkJ.exeStatic PE information: section name: snapshot
                                Source: embedded.exe.0.drStatic PE information: section name: _RDATA
                                Source: embedded.exe.0.drStatic PE information: section name: snapshot
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeCode function: 0_2_000001589FCC0274 push cs; retf 0003h0_2_000001589FCC0277
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeCode function: 0_2_000001589FCB627C push esp; ret 0_2_000001589FCB633E
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeCode function: 0_2_000001589FCB81A8 push ecx; ret 0_2_000001589FCB82F1
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeCode function: 0_2_000001589FCB8048 push ecx; ret 0_2_000001589FCB81A6
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeCode function: 0_2_000001589FCB7EDC push ecx; ret 0_2_000001589FCB8045
                                Source: C:\ProgramData\WinNet\embedded.exeCode function: 7_2_0000022F0C4101A8 push ecx; ret 7_2_0000022F0C4102F1
                                Source: C:\ProgramData\WinNet\embedded.exeCode function: 7_2_0000022F0C418274 push cs; retf 0003h7_2_0000022F0C418277
                                Source: C:\ProgramData\WinNet\embedded.exeCode function: 7_2_0000022F0C40E27C push esp; ret 7_2_0000022F0C40E33E
                                Source: C:\ProgramData\WinNet\embedded.exeCode function: 7_2_0000022F0C40FEDC push ecx; ret 7_2_0000022F0C410045
                                Source: C:\ProgramData\WinNet\embedded.exeCode function: 7_2_0000022F0C410048 push ecx; ret 7_2_0000022F0C4101A6
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 15_2_06CB6640 push FFFFFF8Bh; iretd 15_2_06CB664E
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 15_2_06CB6601 push FFFFFF8Bh; iretd 15_2_06CB6603
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 15_2_096AA9D0 push es; ret 15_2_096AA9E6
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 18_2_061D42DC pushad ; ret 18_2_061D42DD
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 18_2_071AB770 push 400718C3h; ret 18_2_071AB775
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: 19_2_69C2FCD0 push ecx; mov dword ptr [esp], 00000000h19_2_69C2FCD7
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: 19_2_69C411DF push ecx; ret 19_2_69C411F2
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: 19_2_69C41676 push ecx; ret 19_2_69C41689
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_07C04B11 pushfd ; retf 21_2_07C04B12
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_07C042CC pushad ; ret 21_2_07C042DD
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 21_2_0965A120 pushad ; ret 21_2_0965A121
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_05A2FA58 push esp; ret 23_2_05A2FA59
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_06273FF7 pushad ; ret 23_2_062742B5
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_062739E1 pushfd ; retf 23_2_062739E2
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 23_2_06280500 push eax; retf 23_2_06280501

                                Persistence and Installation Behavior

                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeProcess created: reg.exe
                                Source: C:\ProgramData\WinNet\embedded.exeProcess created: reg.exe
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeFile created: C:\ProgramData\WinNet\embedded.exe
                                Source: C:\ProgramData\WinNet\AnyDesk.exeFile created: C:\Users\user\AppData\Local\Temp\gcapi.dll
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeFile created: C:\ProgramData\WinNet\gg.exe
                                Source: C:\ProgramData\WinNet\AnyDesk.exeFile created: C:\ProgramData\WinNet\gcapi.dll
                                Source: C:\ProgramData\WinNet\embedded.exeFile created: C:\ProgramData\WinNet\AnyDesk.exe
                                Source: C:\Windows\System32\reg.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Repository

                                Hooking and other Techniques for Hiding and Protection

                                Source: C:\ProgramData\WinNet\AnyDesk.exeFile opened: C:\ProgramData\WinNet\AnyDesk.exe:Zone.Identifier read attributes | delete
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: 19_2_69C403B7 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,19_2_69C403B7
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\embedded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\embedded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                Source: C:\ProgramData\WinNet\AnyDesk.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_PhysicalMemory
                                Source: C:\ProgramData\WinNet\gg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                                Source: C:\ProgramData\WinNet\AnyDesk.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive
                                Source: C:\ProgramData\WinNet\AnyDesk.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT MACAddress FROM Win32_NetworkAdapter WHERE PhysicalAdapter = TRUE
                                Source: C:\ProgramData\WinNet\gg.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                                Source: C:\ProgramData\WinNet\gg.exeMemory allocated: 3020000 memory reserve | memory write watch
                                Source: C:\ProgramData\WinNet\gg.exeMemory allocated: 3240000 memory reserve | memory write watch
                                Source: C:\ProgramData\WinNet\gg.exeMemory allocated: 1410000 memory reserve | memory write watch
                                Source: C:\ProgramData\WinNet\gg.exeMemory allocated: 2F90000 memory reserve | memory write watch
                                Source: C:\ProgramData\WinNet\gg.exeMemory allocated: 2CE0000 memory reserve | memory write watch
                                Source: C:\ProgramData\WinNet\gg.exeMemory allocated: 1590000 memory reserve | memory write watch
                                Source: C:\ProgramData\WinNet\gg.exeMemory allocated: 30D0000 memory reserve | memory write watch
                                Source: C:\ProgramData\WinNet\gg.exeMemory allocated: 2F00000 memory reserve | memory write watch
                                Source: C:\ProgramData\WinNet\gg.exeMemory allocated: DA0000 memory reserve | memory write watch
                                Source: C:\ProgramData\WinNet\gg.exeMemory allocated: 2800000 memory reserve | memory write watch
                                Source: C:\ProgramData\WinNet\gg.exeMemory allocated: 2590000 memory reserve | memory write watch
                                Source: C:\ProgramData\WinNet\gg.exeThread delayed: delay time: 922337203685477
                                Source: C:\ProgramData\WinNet\AnyDesk.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
                                Source: C:\ProgramData\WinNet\AnyDesk.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\gcapi.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeDropped PE file which has not been started: C:\ProgramData\WinNet\gcapi.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeAPI coverage: 2.0 %
                                Source: C:\ProgramData\WinNet\gg.exe TID: 7980Thread sleep count: 157 > 30
                                Source: C:\ProgramData\WinNet\gg.exe TID: 7980Thread sleep count: 337 > 30
                                Source: C:\ProgramData\WinNet\gg.exe TID: 2004Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\gg.exe TID: 7924Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\AnyDesk.exe TID: 8084Thread sleep time: -8301034833169293s >= -30000s
                                Source: C:\ProgramData\WinNet\AnyDesk.exe TID: 8088Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\AnyDesk.exe TID: 8084Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\AnyDesk.exe TID: 8104Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\gg.exe TID: 980Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\gg.exe TID: 8028Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\AnyDesk.exe TID: 8168Thread sleep time: -1844674407370954s >= -30000s
                                Source: C:\ProgramData\WinNet\AnyDesk.exe TID: 8172Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\AnyDesk.exe TID: 7224Thread sleep time: -30000s >= -30000s
                                Source: C:\ProgramData\WinNet\AnyDesk.exe TID: 8176Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\AnyDesk.exe TID: 8168Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\gg.exe TID: 1700Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\gg.exe TID: 7708Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\gg.exe TID: 6092Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\gg.exe TID: 7204Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\AnyDesk.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BaseBoard
                                Source: C:\ProgramData\WinNet\gg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                                Source: C:\ProgramData\WinNet\AnyDesk.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM Win32_Processor
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: 19_2_69C5F147 GetLocalTime followed by cmp: cmp dx, 000ch and CTI: jbe 69C5F183h19_2_69C5F147
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: 19_2_69C3F1AA VirtualQuery,GetSystemInfo,19_2_69C3F1AA
                                Source: SysrI6zSkJ.exe, 00000000.00000003.2258580120.000001589FD80000.00000004.00001000.00020000.00000000.sdmp, SysrI6zSkJ.exe, 00000000.00000000.1627710192.00007FF75320E000.00000002.00000001.01000000.00000003.sdmp, SysrI6zSkJ.exe, 00000000.00000002.3480634743.00007FF75320E000.00000002.00000001.01000000.00000003.sdmp, embedded.exe, 00000007.00000002.3479713989.00007FF79F51E000.00000002.00000001.01000000.00000004.sdmp, embedded.exe, 00000007.00000000.1635812849.00007FF79F51E000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
                                Source: cmd.exe, 0000000C.00000002.1661939794.00000194203D7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                Source: gg.exe, 0000000F.00000002.1916308697.000000000732A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllg
                                Source: embedded.exe, 00000007.00000000.1635812849.00007FF79F51E000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
                                Source: SysrI6zSkJ.exe, 00000000.00000002.3474804775.000001589C09C000.00000004.00000020.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1892050409.0000000006590000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: embedded.exe, 00000007.00000002.3473774282.0000022F09AEB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllKK
                                Source: C:\ProgramData\WinNet\gg.exeProcess information queried: ProcessInformation
                                Source: C:\ProgramData\WinNet\gg.exeCode function: 18_2_0617D648 LdrInitializeThunk,18_2_0617D648
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: 19_2_69C45F8C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,19_2_69C45F8C
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: 19_2_69C49E6A mov eax, dword ptr fs:[00000030h]19_2_69C49E6A
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: 19_2_69C4B428 GetProcessHeap,19_2_69C4B428
                                Source: C:\ProgramData\WinNet\gg.exeProcess token adjusted: Debug
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: 19_2_69C40FC3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,19_2_69C40FC3
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: 19_2_69C414B2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,19_2_69C414B2
                                Source: C:\ProgramData\WinNet\gg.exeMemory allocated: page read and write | page guard
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeProcess created: C:\Windows\System32\reg.exe REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\WinNet\embedded.exe
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\WinNet\p.vbs
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\WinNet\embedded.exe C:\ProgramData\WinNet\embedded.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs"
                                Source: C:\ProgramData\WinNet\embedded.exeProcess created: C:\Windows\System32\reg.exe REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe
                                Source: C:\ProgramData\WinNet\embedded.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\WinNet\AnyDesk.exe
                                Source: C:\ProgramData\WinNet\embedded.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\WinNet\p.vbs
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\ProgramData\WinNet\gg.exe "C:\ProgramData\WinNet\gg.exe"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\WinNet\AnyDesk.exe C:\ProgramData\WinNet\AnyDesk.exe
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: 19_2_69C5F711 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,19_2_69C5F711
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: 19_2_69C4168B cpuid 19_2_69C4168B
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: IsValidCodePage,GetLocaleInfoW,19_2_69C5AD29
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: EnumSystemLocalesW,19_2_69C4EC36
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: EnumSystemLocalesW,19_2_69C5AFB1
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: EnumSystemLocalesW,19_2_69C5AF66
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: GetLocaleInfoW,19_2_69C5AEBD
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: GetLocaleInfoW,19_2_69C4F15E
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,19_2_69C5B0D9
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: EnumSystemLocalesW,19_2_69C5B04C
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: GetLocaleInfoW,19_2_69C5B329
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: GetUserDefaultUILanguage,GetLocaleInfoW,GetLocaleInfoW,19_2_69C3D200
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: GetLocaleInfoW,19_2_69C5B559
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,19_2_69C5B452
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,19_2_69C5B626
                                Source: C:\ProgramData\WinNet\AnyDesk.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeQueries volume information: C:\Users\user\Desktop\SysrI6zSkJ.exe VolumeInformation
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\ProgramData\WinNet\embedded.exeQueries volume information: C:\ProgramData\WinNet\embedded.exe VolumeInformation
                                Source: C:\ProgramData\WinNet\embedded.exeQueries volume information: C:\ProgramData\WinNet\gg.exe VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\ProgramData\WinNet\gg.exe VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\AnyDesk.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\ProgramData\WinNet\gg.exe VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\ProgramData\WinNet\gg.exe VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe | Queries volume information: C:\ProgramData\WinNet\gg.exe VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exe | Code function: 0_2_00007FF7531D3D00 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7531D3D00
                                Source: C:\ProgramData\WinNet\AnyDesk.exe | Code function: 19_2_69C505C6 _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,19_2_69C505C6
                                Source: C:\ProgramData\WinNet\AnyDesk.exe | Code function: 19_2_69C32A20 GetCurrentProcess,GetModuleHandleW,GetProcAddress,GetVersionExW,GetNativeSystemInfo,GetModuleHandleW,GetProcAddress,19_2_69C32A20
                                Source: C:\Windows\System32\wscript.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                                Source: gg.exe, 0000000F.00000002.1918737974.000000000942A000.00000004.00000020.00020000.00000000.sdmp, gg.exe, 0000000F.00000002.1918966607.000000000946B000.00000004.00000020.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1894257879.0000000008F1C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                                Source: C:\ProgramData\WinNet\gg.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                                Source: C:\ProgramData\WinNet\gg.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                                Source: C:\ProgramData\WinNet\gg.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                                Source: C:\ProgramData\WinNet\gg.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                                Source: C:\ProgramData\WinNet\gg.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                                Source: C:\ProgramData\WinNet\gg.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                                Stealing of Sensitive Information

                                Source: Yara match | File source: dump.pcap, type: PCAP
                                Source: Yara match | File source: 15.0.gg.exe.d60000.0.unpack, type: UNPACKEDPE
                                Source: Yara match | File source: 7.2.embedded.exe.22f0bb80098.0.unpack, type: UNPACKEDPE
                                Source: Yara match | File source: 7.2.embedded.exe.22f0bb80098.0.raw.unpack, type: UNPACKEDPE
                                Source: Yara match | File source: 0.3.SysrI6zSkJ.exe.1589e200098.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara match | File source: 0.3.SysrI6zSkJ.exe.1589e200098.1.unpack, type: UNPACKEDPE
                                Source: Yara match | File source: 00000000.00000003.2259823166.000001589E200000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000007.00000002.3477005535.0000022F0BB80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000017.00000002.2127671016.0000000002895000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000015.00000002.2056075495.0000000003165000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 0000000F.00000000.1644111512.0000000000D62000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara match | File source: Process Memory Space: SysrI6zSkJ.exe PID: 7432, type: MEMORYSTR
                                Source: Yara match | File source: Process Memory Space: embedded.exe PID: 7592, type: MEMORYSTR
                                Source: Yara match | File source: Process Memory Space: gg.exe PID: 7788, type: MEMORYSTR
                                Source: Yara match | File source: Process Memory Space: gg.exe PID: 8008, type: MEMORYSTR
                                Source: Yara match | File source: C:\ProgramData\WinNet\gg.exe, type: DROPPED
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: ElectrumE#
                                Source: gg.exe, 0000000F.00000002.1905680590.0000000003616000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: $^q1C:\Users\user\AppData\Roaming\Electrum\wallets\*
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: JaxxE#
                                Source: gg.exe, 0000000F.00000002.1905680590.0000000003616000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Exodus\exodus.walletLR^q
                                Source: gg.exe, 0000000F.00000002.1905680590.0000000003616000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Ethereum\walletsLR^q
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: ExodusE#
                                Source: gg.exe, 0000000F.00000002.1905680590.0000000003616000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: $^q%appdata%`,^qdC:\Users\user\AppData\Roaming`,^qdC:\Users\user\AppData\Roaming\Binance
                                Source: gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: EthereumE#
                                Source: gg.exe, 0000000F.00000002.1905680590.0000000003616000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: $^q&%localappdata%\Coinomi\Coinomi\walletsLR^q
                                Source: gg.exe, 0000000F.00000002.1905680590.0000000003616000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: $^q5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                                Source: C:\ProgramData\WinNet\gg.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                                Source: C:\ProgramData\WinNet\gg.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                Source: C:\ProgramData\WinNet\gg.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                                Source: C:\ProgramData\WinNet\gg.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                                Source: C:\ProgramData\WinNet\gg.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                                Source: C:\ProgramData\WinNet\gg.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                                Source: C:\ProgramData\WinNet\gg.exe | File opened: C:\Users\user\AppData\Roaming\atomic\
                                Source: C:\ProgramData\WinNet\gg.exe | File opened: C:\Users\user\AppData\Roaming\Binance\
                                Source: C:\ProgramData\WinNet\gg.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
                                Source: C:\ProgramData\WinNet\gg.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
                                Source: C:\ProgramData\WinNet\gg.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                                Source: C:\ProgramData\WinNet\gg.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                                Source: C:\ProgramData\WinNet\gg.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                                Source: C:\ProgramData\WinNet\gg.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                                Source: C:\ProgramData\WinNet\gg.exe | File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                                Source: C:\ProgramData\WinNet\gg.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                                Source: C:\ProgramData\WinNet\gg.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                                Source: C:\ProgramData\WinNet\gg.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\
                                Source: C:\ProgramData\WinNet\gg.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\
                                Source: C:\ProgramData\WinNet\gg.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                                Source: Yara match | File source: 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000017.00000002.2127671016.0000000002895000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000015.00000002.2056075495.0000000003165000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 0000000F.00000002.1905680590.0000000003616000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: Process Memory Space: gg.exe PID: 7788, type: MEMORYSTR
                                Source: Yara match | File source: Process Memory Space: gg.exe PID: 8008, type: MEMORYSTR

                                Remote Access Functionality

                                Source: Yara match | File source: dump.pcap, type: PCAP
                                Source: Yara match | File source: 15.0.gg.exe.d60000.0.unpack, type: UNPACKEDPE
                                Source: Yara match | File source: 7.2.embedded.exe.22f0bb80098.0.unpack, type: UNPACKEDPE
                                Source: Yara match | File source: 7.2.embedded.exe.22f0bb80098.0.raw.unpack, type: UNPACKEDPE
                                Source: Yara match | File source: 0.3.SysrI6zSkJ.exe.1589e200098.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara match | File source: 0.3.SysrI6zSkJ.exe.1589e200098.1.unpack, type: UNPACKEDPE
                                Source: Yara match | File source: 00000000.00000003.2259823166.000001589E200000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000007.00000002.3477005535.0000022F0BB80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000017.00000002.2127671016.0000000002895000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000015.00000002.2056075495.0000000003165000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 0000000F.00000000.1644111512.0000000000D62000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara match | File source: Process Memory Space: SysrI6zSkJ.exe PID: 7432, type: MEMORYSTR
                                Source: Yara match | File source: Process Memory Space: embedded.exe PID: 7592, type: MEMORYSTR
                                Source: Yara match | File source: Process Memory Space: gg.exe PID: 7788, type: MEMORYSTR
                                Source: Yara match | File source: Process Memory Space: gg.exe PID: 8008, type: MEMORYSTR
                                Source: Yara match | File source: C:\ProgramData\WinNet\gg.exe, type: DROPPED

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 11 Scripting | 1 Valid Accounts | 531 Windows Management Instrumentation | 11 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 12 System Time Discovery | Remote Services | 1 Archive Collected Data | 12 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 12 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Valid Accounts | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 File and Directory Discovery | Remote Desktop Protocol | 3 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 Valid Accounts | 1 Access Token Manipulation | 3 Obfuscated Files or Information | Security Account Manager | 156 System Information Discovery | SMB/Windows Admin Shares | 21 Input Capture | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Registry Run Keys / Startup Folder | 11 Process Injection | 1 Software Packing | NTDS | 651 Security Software Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Registry Run Keys / Startup Folder | 1 Timestomp | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 441 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Masquerading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Valid Accounts | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Modify Registry | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Access Token Manipulation | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 441 Virtualization/Sandbox Evasion | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
| Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 11 Process Injection | Keylogging | Process Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking |
| Determine Physical Locations | Virtual Private Server | Compromise Hardware Supply Chain | Unix Shell | Systemd Timers | Systemd Timers | 1 Hidden Files and Directories | GUI Input Capture | Permission Groups Discovery | Replication Through Removable Media | Email Collection | Proxy | Exfiltration over USB | Network Denial of Service |

                                [Behavior graph (image not reproduced). Behavior Graph ID: 1402122; Sample: SysrI6zSkJ.exe; Startdate: 03/03/2024; Architecture: WINDOWS; Score: 76]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| SysrI6zSkJ.exe | 39% | ReversingLabs | Win64.Spyware.RedLine | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\ProgramData\WinNet\AnyDesk.exe | 0% | ReversingLabs | | |
| C:\ProgramData\WinNet\embedded.exe | 58% | ReversingLabs | Win64.Spyware.RedLine | |
| C:\ProgramData\WinNet\gcapi.dll | 0% | ReversingLabs | | |
| C:\ProgramData\WinNet\gg.exe | 71% | ReversingLabs | ByteCode-MSIL.Trojan.RedlineStealer | |
| C:\Users\user\AppData\Local\Temp\gcapi.dll | 0% | ReversingLabs | | |
                                No Antivirus matches
                                No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| d1atxff5avezsq.cloudfront.net | 18.173.219.85 | true | false | | high |
| boot.net.anydesk.com | 37.59.29.33 | true | false | | high |
| relay-d7627e96.net.anydesk.com | 64.31.23.30 | true | false | | high |
| api.playanext.com | unknown | unknown | false | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| 67.203.7.148:2909 | true | Avira URL Cloud: safe | unknown |
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        unknown
                                                                                                                                        http://tempuri.org/Entity/Id10Responsegg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        unknown
                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/Renewgg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://tempuri.org/Entity/Id8Responsegg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 0000000F.00000002.1905680590.0000000003797000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDgg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://www.gimp.org/xmp/AnyDesk.exe, 00000010.00000003.1659830296.0000000003451000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000013.00000002.3477631483.00000000016E9000.00000002.00000001.01000000.00000009.sdmp, AnyDesk.exe, 00000013.00000003.1678141318.0000000003182000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTgg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2006/02/addressingidentitygg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://anydesk.com/de/datenschutzAnyDesk.exe, 00000013.00000003.1678141318.0000000003182000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeygg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://dartbug.com/52121.embedded.exe, 00000007.00000000.1635812849.00007FF79F51E000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertyhgg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://my.anydesk.comAnyDesk.exe, 00000010.00000003.1659830296.0000000003451000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000003.1667333177.000000000498B000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000013.00000002.3477631483.00000000016E9000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollbackgg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://www.openssl.org/support/faq.htmlAnyDesk.exe, 00000010.00000003.1659830296.0000000003451000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000013.00000002.3477631483.00000000016E9000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTgg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://tempuri.org/Dgg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                unknown
                                                                                                                                                                https://anydesk.com/le_AnyDesk.exe, 00000010.00000003.1667415426.00000000049E0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000003.1667139623.00000000049D9000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000003.1667012404.00000000049CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/06/addressingexgg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://github.com/dart-lang/sdk/blob/master/runtime/docs/compiler/aot/entry_point_pragma.mdembedded.exe, 00000007.00000000.1635812849.00007FF79F51E000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/Noncegg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponsegg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://anydesk.com/pricing/teamsAnyDesk.exe, 00000010.00000003.1659830296.0000000003451000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000003.1667333177.000000000498B000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000013.00000002.3477631483.00000000016E9000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://tempuri.org/Entity/Id13Responsegg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000002F91000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                                              unknown
                                                                                                                                                                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdgg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifgg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://tempuri.org/Entity/Id12ResponseDgg.exe, 0000000F.00000002.1905680590.00000000035BE000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.00000000032F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                                  unknown
                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/Committedgg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://anydesk.com/en/assembly/termsAnyDesk.exe, 00000010.00000003.1659830296.0000000003451000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000013.00000002.3477631483.00000000016E9000.00000002.00000001.01000000.00000009.sdmp, AnyDesk.exe, 00000013.00000003.1678141318.0000000003182000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1gg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertygg.exe, 0000000F.00000002.1905680590.000000000324C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://support.anydesk.comAnyDesk.exe, 00000013.00000002.3477631483.00000000016E9000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/sc/sctgg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://support.anydesk.com/knowledge/waiting-for-image-black-screenAnyDesk.exefalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://tempuri.org/Entity/Id7ResponseDgg.exe, 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1885800670.00000000032A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                                                                  • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
64.31.23.30 | relay-d7627e96.net.anydesk.com | United States | 46475 | LIMESTONENETWORKSUS | false
67.203.7.148 | unknown | United States | 21769 | AS-COLOAMUS | true
18.173.219.116 | unknown | United States | 3 | MIT-GATEWAYSUS | false
37.59.29.33 | boot.net.anydesk.com | France | 16276 | OVHFR | false
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1402122
Start date and time:2024-03-03 13:42:12 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 11m 1s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:Run with higher sleep bypass
Number of analysed new started processes analysed:27
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:SysrI6zSkJ.exe
renamed because original name is a hash value
Original Sample Name:2e501240ec8b9aab46d76a6504e44882.exe
Detection:MAL
                                                                                                                                                                                                  Classification:mal76.troj.spyw.evad.winEXE@39/13@3/4
                                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                                  • Successful, ratio: 62.5%
                                                                                                                                                                                                  HCA Information:
                                                                                                                                                                                                  • Successful, ratio: 63%
                                                                                                                                                                                                  • Number of executed functions: 220
                                                                                                                                                                                                  • Number of non-executed functions: 151
                                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                                                  • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                  • Execution Graph export aborted for target AnyDesk.exe, PID 8116 because there are no executed function
                                                                                                                                                                                                  • Execution Graph export aborted for target SysrI6zSkJ.exe, PID 7432 because it is empty
                                                                                                                                                                                                  • Execution Graph export aborted for target embedded.exe, PID 7592 because it is empty
                                                                                                                                                                                                  • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                  • VT rate limit hit for: SysrI6zSkJ.exe
Time      Type             Description
12:42:59  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Repository C:\ProgramData\WinNet\gg.exe
12:43:13  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Repository C:\ProgramData\WinNet\gg.exe
13:43:34  API Interceptor  61x Sleep call for process: AnyDesk.exe modified
                                                                                                                                                                                                                  • 37.187.183.86
                                                                                                                                                                                                                  https://aolserv.pages.dev/robots.txtIP:Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                  • 51.222.239.230
                                                                                                                                                                                                                  m5EyzJ7S8S.exeGet hashmaliciousAmadey, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Stealc, VidarBrowse
                                                                                                                                                                                                                  • 217.182.75.0
                                                                                                                                                                                                                  PC-101-105.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                  • 51.77.222.4
                                                                                                                                                                                                                  SecuriteInfo.com.MacOS.ReverseShell-C.30585.8425.exeGet hashmaliciousPython Stealer, Discord Token StealerBrowse
                                                                                                                                                                                                                  • 151.80.29.83
                                                                                                                                                                                                                  H085INliC6.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                                                                                  • 192.99.130.89
                                                                                                                                                                                                                  6l1kqDkxR2.elfGet hashmaliciousMoobotBrowse
                                                                                                                                                                                                                  • 192.95.24.242
                                                                                                                                                                                                                  SRtnwytcHZ.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                  • 92.222.205.170
                                                                                                                                                                                                                  MIT-GATEWAYSUSktMLmEUY2l.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                  • 18.93.162.120
                                                                                                                                                                                                                  WkjYJEadMJ.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                  • 19.79.228.234
                                                                                                                                                                                                                  nL4rzMSCVd.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                  • 19.225.129.158
                                                                                                                                                                                                                  https://manual-restore.pages.dev/IP:Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 18.164.96.69
                                                                                                                                                                                                                  http://hip-foul-face.glitch.me/makslfqwlw38laii.htmlIP:Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 18.173.219.74
                                                                                                                                                                                                                  https://aolserv.pages.dev/robots.txtIP:Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                  • 18.164.96.113
                                                                                                                                                                                                                  http://www.hkemploymentlaw.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 18.164.116.70
                                                                                                                                                                                                                  SecuriteInfo.com.MacOS.ReverseShell-C.30585.8425.exeGet hashmaliciousPython Stealer, Discord Token StealerBrowse
                                                                                                                                                                                                                  • 18.164.96.22
                                                                                                                                                                                                                  JiD2VwpPLD.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                  • 19.66.42.224
                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                  c91bde19008eefabce276152ccd51457AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 37.59.29.33
                                                                                                                                                                                                                  • 64.31.23.30
                                                                                                                                                                                                                  AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 37.59.29.33
                                                                                                                                                                                                                  • 64.31.23.30
                                                                                                                                                                                                                  http://sub.nabprotect-livechat.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 37.59.29.33
                                                                                                                                                                                                                  • 64.31.23.30
                                                                                                                                                                                                                  https://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 37.59.29.33
                                                                                                                                                                                                                  • 64.31.23.30
                                                                                                                                                                                                                  https://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 37.59.29.33
                                                                                                                                                                                                                  • 64.31.23.30
                                                                                                                                                                                                                  https://nab-support.com/LiveChat.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 37.59.29.33
                                                                                                                                                                                                                  • 64.31.23.30
                                                                                                                                                                                                                  https://bendigo-desk.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 37.59.29.33
                                                                                                                                                                                                                  • 64.31.23.30
                                                                                                                                                                                                                  https://bendigo-desk.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 37.59.29.33
                                                                                                                                                                                                                  • 64.31.23.30
                                                                                                                                                                                                                  Project.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 37.59.29.33
                                                                                                                                                                                                                  • 64.31.23.30
Process: C:\ProgramData\WinNet\embedded.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 5216584
Entropy (8bit): 7.999460832435841
Encrypted: true
SSDEEP: 98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x
MD5: A21768190F3B9FEAE33AAEF660CB7A83
SHA1: 24780657328783EF50AE0964B23288E68841A421
SHA-256: 55E4CE3FE726043070ECD7DE5A74B2459EA8BED19EF2A36CE7884B2AB0863047
SHA-512: CA6DA822072CB0D3797221E578780B19C8953E4207729A002A64A00CED134059C0ED21B02572C43924E4BA3930C0E88CD2CDB309259E3D0DCFB0C282F1832D62
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process: C:\Users\user\Desktop\SysrI6zSkJ.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 12371456
Entropy (8bit): 6.778870362417023
Encrypted: false
SSDEEP: 98304:kj1ZAxOCU3yUetDvB6ti3FOU8jRdqY9d2omTt20+NIZ:YAxOCU3yUetDvB6ti1aOTtlcIZ
MD5: DB408CB75C1D0DA769C19A6CBBE60D87
SHA1: 76C93E7B38C9B1E17A3506B7527B3EFC4BAF76F5
SHA-256: 703D8767AEBE2DAEEA5525DA247CE23775F542C0621DF75CE436B95AAF21CE26
SHA-512: 8887125B1DE8969C8FFF3D601553400FA1DFE91E042DF7FB56A9074472839226E2B08289C70E2DA31C813CB8A1DEE59950B3DBDE9812131228A035525E652D84
Malicious: true
Yara Hits:
• Rule: JoeSecurity_EXEembeddedinBATfile, Description: Yara detected EXE embedded in BAT file, Source: C:\ProgramData\WinNet\embedded.exe, Author: Joe Security
Antivirus:
• Antivirus: ReversingLabs, Detection: 58%

Process: C:\ProgramData\WinNet\AnyDesk.exe
File Type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category: modified
Size (bytes): 394240
Entropy (8bit): 6.700175464943679
Encrypted: false
SSDEEP: 6144:Tv/ioKdMF+LZD/ZRj1vwWrrUFMNoz4pFGxjEB1NYAOrabN2GZvFcD7:Td+LZrNwWrrwMNoz4vG1OYZabtK7
MD5: 1CE7D5A1566C8C449D0F6772A8C27900
SHA1: 60854185F6338E1BFC7497FD41AA44C5C00D8F85
SHA-256: 73170761D6776C0DEBACFBBC61B6988CB8270A20174BF5C049768A264BB8FFAF
SHA-512: 7E3411BE8614170AE91DB1626C452997DC6DB663D79130872A124AF982EE1D457CEFBA00ABD7F5269ADCE3052403BE31238AECC3934C7379D224CB792D519753
Malicious: true
Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                                                    • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                                    • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                                    • Filename: Project.lnk, Detection: malicious, Browse
                                                                                                                                                                                                                                    • Filename: LiveChat.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                    • Filename: LiveChat.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                    • Filename: AnyDesk.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                    • Filename: AnyDesk.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                    • Filename: anydesk.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                    • Filename: anydesk.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SysrI6zSkJ.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):304128
                                                                                                                                                                                                                                    Entropy (8bit):5.030148501932413
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:lqFFrqwIOGEzyJNmWb7cGaXSf0vdSP/HqlYuJTZFfuIMcZqf7D34teqiOLCbBOj:sBIOGFiifzHqlpJTZhWcZqf7DIXL
                                                                                                                                                                                                                                    MD5:20AB063F206EB8115FDE1479E05C245E
                                                                                                                                                                                                                                    SHA1:2088F3C51A5AD9E11DA999A7114623274CC69692
                                                                                                                                                                                                                                    SHA-256:5EC4818DA47F24AC8762BF73D0395662639142F86B930DB138E586C2EB91B29E
                                                                                                                                                                                                                                    SHA-512:2DC3181D57EE616C1BB5860D0007D06C04BA1A693064FE7044D9F07939E99E54E8B2864EBBB7268118784A691037DAD6756532BD149C74AEEDC993D0D0E4A0C5
                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\ProgramData\WinNet\gg.exe, Author: Joe Security
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SysrI6zSkJ.exe
                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):170
                                                                                                                                                                                                                                    Entropy (8bit):4.9082518346015584
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3:Zy0c74Wuj0c74Wm+m8nmKGc74WDQIUqF4R51GREfL4lDFnqJXRPc74WmTC:Zdc74Wpc74WCqXGc74WD/Uq88RqTPc7P
                                                                                                                                                                                                                                    MD5:3BA4CEBB444685D48F8B0DFD67C8390D
                                                                                                                                                                                                                                    SHA1:8B84E1821C39EC8658E603E498B07E08DDA2E6D1
                                                                                                                                                                                                                                    SHA-256:7F2BB84F63B47F35EE7EB70A35D35B81B63A7BCD39029CFB918FB6839F45A70C
                                                                                                                                                                                                                                    SHA-512:42B8271CD6343F7D75F4D5398370ED7D614C2250EA43531A9F19E80E5F0A339F6CC5EC565326CC6911B33BF872CEF9B860D72D8887573D92D5C7661C580A232E
                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                    Preview:Dim WinScriptHost.Set WinScriptHost = CreateObject("WScript.Shell").WinScriptHost.Run Chr(34) & "C:\\ProgramData\\WinNet\\gg.exe" & Chr(34), 0.Set WinScriptHost = Nothing
                                                                                                                                                                                                                                    Process:C:\ProgramData\WinNet\gg.exe
                                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):3094
                                                                                                                                                                                                                                    Entropy (8bit):5.33145931749415
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
                                                                                                                                                                                                                                    MD5:3FD5C0634443FB2EF2796B9636159CB6
                                                                                                                                                                                                                                    SHA1:366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48
                                                                                                                                                                                                                                    SHA-256:58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6
                                                                                                                                                                                                                                    SHA-512:8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                                                                                                                    Process:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):394240
                                                                                                                                                                                                                                    Entropy (8bit):6.700175464943679
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:6144:Tv/ioKdMF+LZD/ZRj1vwWrrUFMNoz4pFGxjEB1NYAOrabN2GZvFcD7:Td+LZrNwWrrwMNoz4vG1OYZabtK7
                                                                                                                                                                                                                                    MD5:1CE7D5A1566C8C449D0F6772A8C27900
                                                                                                                                                                                                                                    SHA1:60854185F6338E1BFC7497FD41AA44C5C00D8F85
                                                                                                                                                                                                                                    SHA-256:73170761D6776C0DEBACFBBC61B6988CB8270A20174BF5C049768A264BB8FFAF
                                                                                                                                                                                                                                    SHA-512:7E3411BE8614170AE91DB1626C452997DC6DB663D79130872A124AF982EE1D457CEFBA00ABD7F5269ADCE3052403BE31238AECC3934C7379D224CB792D519753
                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                    Size (bytes):30357
                                                                                                                                                                                                                                    Entropy (8bit):4.377593110411535
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:y2dnhaUtbBRvqrvoTIxmynjj2si8sxN5NiX2naN:PnhaUtbUjHcxDy
                                                                                                                                                                                                                                    MD5:01F495715B1137F749C46922F30423DD
                                                                                                                                                                                                                                    SHA1:17DB2DB4F786A484BC4D8B0855555467210CEC53
                                                                                                                                                                                                                                    SHA-256:47D98EC2A9EF7F6EC099C725DD430E24C6639822ACA4D51D7F99BA72C2FAC6A9
                                                                                                                                                                                                                                    SHA-512:6CDA20976A166A05D718582C9426D3D6CA8C8EC9CCB4FECF27754280F94871B46CACF553FC856C3618F2C0372B318B0E15F6294998D1265B780C7A02010996A5
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview: * * * * * * * * * * * * * * * * * *.. info 2024-03-03 12:43:02.547 front 7872 7876 main - * AnyDesk Windows Startup *.. info 2024-03-03 12:43:02.547 front 7872 7876 main - * Version 8.0.8 ((detached head) 161cbc3269fd82431aba292c6ced1f1480f4964c).. info 2024-03-03 12:43:02.547 front 7872 7876 main - * Checksum 48544a05569c2af380b61b4f5af5a087.. info 2024-03-03 12:43:02.547 front 7872 7876 main - * Build 20240127190435.. info 2024-03-03 12:43:02.547 front 7872 7876 main - * Copyright (C) 2024 AnyDesk Software GmbH *.. info 2024-03-03 12:43:02.547 front 7872 7876 main - .. info 2024-03-03 12:43:02.547 front 7872 7876 main - Command Line params: C:\ProgramData\WinNet\AnyDesk.exe.. i
                                                                                                                                                                                                                                    Process:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1751)
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):2970
                                                                                                                                                                                                                                    Entropy (8bit):6.032479016787394
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:48:uISTI3ia8uPaX+lXPOc4zbZ7Lj6ISapjGPNkLqJLSTQjzDwo6qacSO4D+uyMrhs3:uISTWiaVPasPOffZ7LexapalNNDw9jxq
                                                                                                                                                                                                                                    MD5:01E064C6CEC5814838938571DF664F3B
                                                                                                                                                                                                                                    SHA1:5B831B46AFCA6F51FD0310A09071894889E11147
                                                                                                                                                                                                                                    SHA-256:BB9B82AEEC6BCAF11C28F8D1C2563544B2531A9512DEAE5A658F9E1E43256782
                                                                                                                                                                                                                                    SHA-512:C6111B013F02E0DD1C81B5E0D2D461F369E5B56F18057F78A4F75A64749598D789AF43C1E1451DA1759997F8C562C282ED8087C041EBCD123527F8E4F779F9E1
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:ad.anynet.cert=[PEM certificate]
                                                                                                                                                                                                                                    Process:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):802
                                                                                                                                                                                                                                    Entropy (8bit):4.821449803056487
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:12:o2TLv5HrVFEcER5syiBs7sdi7lNqQHvWhQ44LroBGgFBG9LhhwOMcn:F3v5LVCcENiBsB5sAw34LtB9LhhwOMc
                                                                                                                                                                                                                                    MD5:AE5E3C63DF01DBAF302B9A727E1FD3E6
                                                                                                                                                                                                                                    SHA1:9AB4973B7D39EFCE37202F7103EFC8A833C5F41A
                                                                                                                                                                                                                                    SHA-256:12F2F90DB86A50FEABAD0A4EDBA408CAEF70504415A6C36FC8A39A84D1DAFC1D
                                                                                                                                                                                                                                    SHA-512:F9AC138872841D4C5129D0211047FC66C0C0ED0CB44D0CA43C880B39E0AF60EA97C3A7A8BE42E5E0C7732472D61E0154069F44038EAF1E913A3DF54F270E6B39
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:ad.anynet.alias=.ad.anynet.client_stats_hash=b1f7518ff116314007add896914384f97e95532e.ad.anynet.cur_version=34359738376.ad.anynet.fpr=ed865e2370247634f518f71a2f90e0b35e30bf20.ad.anynet.id=1194019040.ad.anynet.last_relay=relay-d7627e96.net.anydesk.com:80:443:6568.ad.anynet.network_hash=2038af04831d5c3d6443e0de15a3df48f2c757b0.ad.anynet.network_id=main.ad.anynet.relay.fatal_result=1.0.ad.anynet.relay.state=2.ad.license.name=free-1.ad.security.frontend_clipboard=1.ad.security.frontend_clipboard_files=1.ad.security.frontend_clipboard_version=1.ad.security.permission_profiles._default.permissions.sas=1.ad.security.permission_profiles._unattended_access.permissions.sas=1.ad.security.permission_profiles.version=1.ad.security.update_version=1.ad.wol.mac_hash=47dcfed10c8d0ae02cf11ad2a06fa0e5224153e3.
                                                                                                                                                                                                                                    Process:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (3261)
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):7120
                                                                                                                                                                                                                                    Entropy (8bit):4.41664974293869
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:192:1z0DFhkoXRxp81jWBL6GB/8FuKr1b5azwVbxV:yBAdWBL/B/6uK71V1V
                                                                                                                                                                                                                                    MD5:FE6A0EE6166EF9FE5BB94AFC51B7C9B7
                                                                                                                                                                                                                                    SHA1:294FE00F60D1AFBEB6DC8AEB12A97C2F97BEAAB3
                                                                                                                                                                                                                                    SHA-256:B025DAB8BC0347F8A64A350188C1751485CB41E1CBEDB37894688A2BBE1F3749
                                                                                                                                                                                                                                    SHA-512:689BEBE72FC2FF5F51A93D77DB3A8DABD5B5929CB6DB02272DBEC55329D2259A0E38D61244C62BF8C3E33FD534CC1629A5D8B5208185B53B58EAEC0FCF744F00
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:ad.account.auth_methods=6fa74c609a01f31f1f670668df954f4642a4aae8018a18daf78f7344602093f698a6c16b3bcbeef90ff648310f1fa2df0b53d2e90e4e008262013ecaea92da1df2c69f843291017c397d4b473f562f1929b70449e13fd3dc3a0396a444a2c27374ab0862b47b212f41cf5778b89c2440234ef0f32df6c8098eae7af8abfe6be5d70c18e4b69f65eb71b237aee0bf5470f0d92a44e01de5f86c200a60c3deb2182e82806804e9ccd5a6af82bc13a30eb5b5d30a7fc873ef88db18f7ee0be3122f704b0959d4fd239e6edd56e52331cc0f2a9857ed8eb8dab8b7e2880bf8fea75a282c69ee4376.ad.account.info=6fa74c609a01f31f1f670668df954f4642a4aae8018a18daf78f7344602093f698a6c16b3bcbeef90ff648310f1fa2df0b53d2e90e4e008262013ecaea92653058f4e7c073949a59237b1c8c503558b457aac8d296dba41f7e0bf5a8bca6c27374ab0862b47b212f41cf5778b89ca3af6dbde6d499637988f89b8fe9b625c9b55a31797b6c501cb32503b557bde96470f0d9dd19ceee335f73d7c8a50416690ea0c6aef88a0ae95c0932cbcfd4ac5c7f2e7f11cc97f0bf8d4edde66692d2f270b471fa1cf21bfc4242e3a28d604fbf4242b00f6df5e94eaae69c2a61f1de08c5399d2b6f51ff4de1a571c10023b755b4cf4e0567fd41.ad.acc
                                                                                                                                                                                                                                    Process:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):3490
                                                                                                                                                                                                                                    Entropy (8bit):3.2039303601796094
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:24:MFZF7ApmN7js0RX4pYWoymPFZFfkAQn9js0RX4GjDym+:oHspejsycNoyiHb29jsyny1
                                                                                                                                                                                                                                    MD5:375C47A0772A1ED24F5D5C1255CD6D39
                                                                                                                                                                                                                                    SHA1:C55185D98A6EA76209EA3182988432B182C56038
                                                                                                                                                                                                                                    SHA-256:60DF8D622C4B027E0D57317744F366DFCFA307F0A1D31D4B627C51A2D2920AEC
                                                                                                                                                                                                                                    SHA-512:EE7B849C7499249852EA00ADC026D2231F19D8F9630A1FDCF489BC2AFC70F309E835014D0505BD49507EEA69CF1DA69C18A33277BEE245D8B8AEC8353CB42908
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:...................................FL..................F.@.. .....Shm...N.Shm.....Shm..H.O.....................E....P.O. .:i.....+00.../C:\...................`.1.....cX`e. PROGRA~3..H......O.IcX`e....g.........................P.r.o.g.r.a.m.D.a.t.a.....T.1.....cX`e. WinNet..>......cX`ecX`e.........................."...W.i.n.N.e.t.....b.2.H.O.cX`e AnyDesk.exe.H......cX`ecX`e....i....................."...A.n.y.D.e.s.k...e.x.e.......P...............-.......O............"eC.....C:\ProgramData\WinNet\AnyDesk.exe....O.p.e.n. .a. .n.e.w. .A.n.y.D.e.s.k. .w.i.n.d.o.w...!.C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.W.i.n.N.e.t.\.A.n.y.D.e.s.k...e.x.e.........%ALLUSERSPROFILE%\WinNet\AnyDesk.exe................................................................................................................................................................................................................................%.A.L.L.U.S.E.R.S.P.R.O.F.I.L.E.%.\.W.i.n.N.e.t.\.A.n.y.D.e.s.k...e.x.e....................
                                                                                                                                                                                                                                    Process:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):3490
                                                                                                                                                                                                                                    Entropy (8bit):3.2039303601796094
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:24:MFZF7ApmN7js0RX4pYWoymPFZFfkAQn9js0RX4GjDym+:oHspejsycNoyiHb29jsyny1
                                                                                                                                                                                                                                    MD5:375C47A0772A1ED24F5D5C1255CD6D39
                                                                                                                                                                                                                                    SHA1:C55185D98A6EA76209EA3182988432B182C56038
                                                                                                                                                                                                                                    SHA-256:60DF8D622C4B027E0D57317744F366DFCFA307F0A1D31D4B627C51A2D2920AEC
                                                                                                                                                                                                                                    SHA-512:EE7B849C7499249852EA00ADC026D2231F19D8F9630A1FDCF489BC2AFC70F309E835014D0505BD49507EEA69CF1DA69C18A33277BEE245D8B8AEC8353CB42908
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:...................................FL..................F.@.. .....Shm...N.Shm.....Shm..H.O.....................E....P.O. .:i.....+00.../C:\...................`.1.....cX`e. PROGRA~3..H......O.IcX`e....g.........................P.r.o.g.r.a.m.D.a.t.a.....T.1.....cX`e. WinNet..>......cX`ecX`e.........................."...W.i.n.N.e.t.....b.2.H.O.cX`e AnyDesk.exe.H......cX`ecX`e....i....................."...A.n.y.D.e.s.k...e.x.e.......P...............-.......O............"eC.....C:\ProgramData\WinNet\AnyDesk.exe....O.p.e.n. .a. .n.e.w. .A.n.y.D.e.s.k. .w.i.n.d.o.w...!.C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.W.i.n.N.e.t.\.A.n.y.D.e.s.k...e.x.e.........%ALLUSERSPROFILE%\WinNet\AnyDesk.exe................................................................................................................................................................................................................................%.A.L.L.U.S.E.R.S.P.R.O.F.I.L.E.%.\.W.i.n.N.e.t.\.A.n.y.D.e.s.k...e.x.e....................
                                                                                                                                                                                                                                    File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                    Entropy (8bit):6.397360951799639
                                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                                    • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                                    • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                    File name:SysrI6zSkJ.exe
                                                                                                                                                                                                                                    File size:21'906'944 bytes
                                                                                                                                                                                                                                    MD5:2e501240ec8b9aab46d76a6504e44882
                                                                                                                                                                                                                                    SHA1:1a97d7662e66502faa5a7718565bb362eb6f27bd
                                                                                                                                                                                                                                    SHA256:582cf0470ba0d2c2ef2c3fee83442db0e345656f7d7c46ee5b613998fdd6ee00
                                                                                                                                                                                                                                    SHA512:eae4aacbfcee43ad8f9b2acbddb1b3b71c2aec0064bc6605107eb8b254614361c77984d09e7eabb91fc26634822ac448d8be884dd8f174021c52979690c2f97b
                                                                                                                                                                                                                                    SSDEEP:98304:Kj1ZAxOCU3yUetDvB6ti3FOU8jRdqY9d2omTt20+NVZ:mAxOCU3yUetDvB6ti1aOTtlcVZ
                                                                                                                                                                                                                                    TLSH:C527D03287433CF9D86C5936D0262E155E78368BCB25A1CFEBC424772FAEDC48D29661
                                                                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......a(J(%I${%I${%I${.9'z=I${.9!z.I${C&.{,I${w<!zvI${w< z6I${w<'z)I${.9 z.I${.9%z>I${%I%{)H${%I${AM${.<$z$I${.<.{$I${.<&z$I${Rich%I$
                                                                                                                                                                                                                                    Icon Hash:1765839997876d37
                                                                                                                                                                                                                                    Entrypoint:0x1402634e4
                                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                                                    Imagebase:0x140000000
                                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                    Time Stamp:0x65C29ABB [Tue Feb 6 20:46:51 2024 UTC]
                                                                                                                                                                                                                                    TLS Callbacks:0x4018cd80, 0x1, 0x4009cf00, 0x1
                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                    OS Version Major:5
                                                                                                                                                                                                                                    OS Version Minor:2
                                                                                                                                                                                                                                    File Version Major:5
                                                                                                                                                                                                                                    File Version Minor:2
                                                                                                                                                                                                                                    Subsystem Version Major:5
                                                                                                                                                                                                                                    Subsystem Version Minor:2
                                                                                                                                                                                                                                    Import Hash:9576feaee7c50f81d281a6149bed248d
                                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                                    dec eax
sub esp, 28h
call 00007FDCD51CD098h
dec eax
add esp, 28h
jmp 00007FDCD51CC6F7h
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
xor ecx, ecx
call dword ptr [0003AD3Fh]
dec eax
mov ecx, ebx
call dword ptr [0003B04Eh]
call dword ptr [0003ADB0h]
dec eax
mov ecx, eax
mov edx, C0000409h
dec eax
add esp, 20h
pop ebx
dec eax
jmp dword ptr [0003AD8Ch]
dec eax
mov dword ptr [esp+08h], ecx
dec eax
sub esp, 38h
mov ecx, 00000017h
call dword ptr [0003B028h]
test eax, eax
je 00007FDCD51CC889h
mov ecx, 00000002h
int 29h
dec eax
lea ecx, dword ptr [0014B62Eh]
call 00007FDCD51CCA4Eh
dec eax
mov eax, dword ptr [esp+38h]
dec eax
mov dword ptr [0014B715h], eax
dec eax
lea eax, dword ptr [esp+38h]
dec eax
add eax, 08h
dec eax
mov dword ptr [0014B6A5h], eax
dec eax
mov eax, dword ptr [0014B6FEh]
dec eax
mov dword ptr [0014B56Fh], eax
dec eax
mov eax, dword ptr [esp+40h]
dec eax
mov dword ptr [0014B673h], eax
mov dword ptr [0014B549h], C0000409h
mov dword ptr [0014B543h], 00000001h
mov dword ptr [0014B54Dh], 00000001h

| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x39f100 | 0x26d8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3a17d8 | 0x118 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3c7000 | 0x10ab5 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x3b1000 | 0x147a8 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3d8000 | 0xa0e8 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x398a18 | 0x54 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x398c00 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x398a70 | 0x138 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x29e000 | 0x790 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x29ce34 | 0x29d000 | 540077970aa66d75d4e97e3a6080936c | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x29e000 | 0x1050ee | 0x105200 | ec7e77069345beb6fd4280abff24481e | False | 0.3736228084609861 | data | 6.1960997863784755 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x3a4000 | 0xc21c | 0x4200 | 8224b3809e97cfd4c4ab01b6d66b1871 | False | 0.181640625 | data | 3.794800668027772 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x3b1000 | 0x147a8 | 0x14800 | 211a9e14a91d5aed26341c803e945f7a | False | 0.4945931783536585 | data | 6.021656628421719 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| _RDATA | 0x3c6000 | 0xfc | 0x200 | e6b9c002c7370fb9390f6d78a24e5375 | False | 0.326171875 | data | 2.4706336560932725 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x3c7000 | 0x10ab5 | 0x10c00 | 88f1cf54e2672a8cf3b7a789982939fc | False | 0.08477145522388059 | data | 3.699073812667143 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x3d8000 | 0xa0e8 | 0xa200 | 31614008b9578caeea7592d554cef0f2 | False | 0.15048707561728394 | data | 5.449275206873749 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| snapshot | 0x3e3000 | 0x110e4c0 | 0x110e600 | 828acc69034bc21f6c78e11157c4ef6e | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_DISCARDABLE |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_ICON | 0x3c70fc | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | | | 0.08026736070034307 |
| RT_GROUP_ICON | 0x3d7924 | 0x14 | data | | | 1.15 |
| RT_MANIFEST | 0x3d7938 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |

| DLL | Import |
| --- | --- |
| ole32.dll | CoTaskMemFree, CoTaskMemAlloc |
| IPHLPAPI.DLL | GetAdaptersAddresses |
| PSAPI.DLL | GetProcessMemoryInfo, EnumProcessModules |
| WS2_32.dll | socket, WSARecv, WSASend, getsockopt, WSAGetLastError, WSASetLastError, WSAIoctl, closesocket, setsockopt, send, recv, ioctlsocket, connect, WSASocketW, listen, bind, WSASendTo, InetNtopW, InetPtonW, getnameinfo, freeaddrinfo, getaddrinfo, getpeername, getsockname, WSAStartup, WSAAddressToStringW, ntohs, htons, gethostname, WSARecvFrom, shutdown |
| RPCRT4.dll | UuidCreateSequential, UuidToStringW, RpcStringFreeW |
| SHLWAPI.dll | UrlIsW, PathCreateFromUrlW |
| ADVAPI32.dll | RegGetValueW |
| SHELL32.dll | CommandLineToArgvW |
| dbghelp.dll | SymCleanup, SymInitialize, SymSetOptions |
| bcrypt.dll | BCryptGenRandom |
| CRYPT32.dll | CertEnumCertificatesInStore, CertFreeCertificateContext, CertCloseStore, CertOpenStore |
| KERNEL32.dll | GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, CompareStringW, HeapAlloc, HeapFree, GetCommandLineA, GetModuleHandleExW, FreeLibraryAndExitThread, ExitThread, CreateThread, SystemTimeToFileTime, TzSpecificLocalTimeToSystemTime, CreatePipe, DuplicateHandle, EnumSystemLocalesW, GetDriveTypeW, ReadConsoleW, RaiseException, GetCPInfo, GetStringTypeW, LCMapStringEx, DecodePointer, EncodePointer, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, SetEnvironmentVariableW, GetProcessHeap, HeapReAlloc, GetFileSizeEx, WriteConsoleW, PeekNamedPipe, GetTempPathW, InitOnceExecuteOnce, SetConsoleCtrlHandler, GetConsoleOutputCP, GetConsoleCP, SetConsoleOutputCP, SetConsoleCP, GetStdHandle, GetConsoleMode, SetConsoleMode, MultiByteToWideChar, CreateFileW, SetStdHandle, CreateIoCompletionPort, CancelIoEx, CloseHandle, WaitForSingleObject, OpenThread, GetFileType, ReadFile, PostQueuedCompletionStatus, GetLastError, WriteFile, SetLastError, ReadDirectoryChangesW, GetQueuedCompletionStatus, GetCurrentDirectoryW, SetCurrentDirectoryW, SetErrorMode, SetUnhandledExceptionFilter, GetSystemInfo, GetUserDefaultLocaleName, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetModuleFileNameW, WideCharToMultiByte, ExitProcess, GetModuleHandleW, GetProcAddress, CreateProcessW, CreateEventW, WaitForMultipleObjects, OpenProcess, TerminateProcess, GetCurrentProcessId, GetCurrentProcess, CreateNamedPipeW, RegisterWaitForSingleObject, UnregisterWait, GetExitCodeProcess, GetConsoleScreenBufferInfo, LoadLibraryExW, FreeLibrary, LoadLibraryW, FormatMessageA, LocalFree, VirtualAlloc, VirtualFree, VirtualProtect, InitializeSRWLock, AcquireSRWLockShared, AcquireSRWLockExclusive, ReleaseSRWLockShared, ReleaseSRWLockExclusive, TlsGetValue, TlsAlloc, TlsSetValue, FindNextFileW, FindFirstFileW, GetFileInformationByHandle, FindClose, GetFileAttributesW, CreateDirectoryW, HeapSize, RemoveDirectoryW, MoveFileExW, DeleteFileW, SetFileAttributesW, SetFilePointerEx, SetEndOfFile, FlushFileBuffers, LockFileEx, UnlockFileEx, GetFullPathNameW, CreateSymbolicLinkW, CopyFileExW, MoveFileW, DeviceIoControl, SetFileTime, GetFinalPathNameByHandleW, GetCurrentThreadId, TryAcquireSRWLockExclusive, InitializeCriticalSection, InitializeConditionVariable, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, SleepConditionVariableCS, WakeConditionVariable, WakeAllConditionVariable, FormatMessageW, GetCommandLineW, QueryPerformanceFrequency, QueryPerformanceCounter, GetSystemTimeAsFileTime, Sleep, GetCurrentThread, SetThreadPriority, TlsFree, VirtualQuery, SleepConditionVariableSRW, GetTimeZoneInformation, FileTimeToSystemTime, GetTimeZoneInformationForYear, SystemTimeToTzSpecificLocalTime, GetLocaleInfoEx, CreateFileA, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, InitializeCriticalSectionAndSpinCount, SetEvent, ResetEvent, WaitForSingleObjectEx, InitializeSListHead, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, InitOnceBeginInitialize, InitializeCriticalSectionEx, TryEnterCriticalSection, InitOnceComplete, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree |
| ntdll.dll | RtlUnwindEx, RtlUnwind, RtlPcToFileHeader |

| Name | Ordinal | Address |
| --- | --- | --- |
| Dart_AddSymbols | 1 | 0x140242a30 |
| Dart_Allocate | 2 | 0x140256d60 |
| Dart_AllocateWithNativeFields | 3 | 0x140257380 |
| Dart_BooleanValue | 4 | 0x14024ccb0 |
| Dart_ClassLibrary | 5 | 0x14024a640 |
| Dart_ClassName | 6 | 0x140249860 |
| Dart_Cleanup | 7 | 0x140241430 |
| Dart_CloseNativePort | 8 | 0x140262630 |
| Dart_ClosureFunction | 9 | 0x14024a2d0 |
| Dart_CompileAll | 10 | 0x140262700 |
| Dart_CompileToKernel | 11 | 0x140260ca0 |
| Dart_CopyUTF8EncodingOfString | 12 | 0x14024ed90 |
| Dart_CreateAppAOTSnapshotAsAssemblies | 13 | 0x140260e20 |
| Dart_CreateAppAOTSnapshotAsAssembly | 14 | 0x140260e20 |
| Dart_CreateAppAOTSnapshotAsElf | 15 | 0x140260e00 |
| Dart_CreateAppAOTSnapshotAsElfs | 16 | 0x140260e00 |
| Dart_CreateAppJITSnapshotAsBlobs | 17 | 0x140260e40 |
| Dart_CreateCoreJITSnapshotAsBlobs | 18 | 0x140260e40 |
                                                                                                                                                                                                                                    Dart_CreateIsolateGroup190x140241ae0
                                                                                                                                                                                                                                    Dart_CreateIsolateGroupFromKernel200x140241c70
                                                                                                                                                                                                                                    Dart_CreateIsolateInGroup210x140241e40
                                                                                                                                                                                                                                    Dart_CreateSnapshot220x140243770
                                                                                                                                                                                                                                    Dart_CreateVMAOTSnapshotAsAssembly230x140260e20
                                                                                                                                                                                                                                    Dart_CurrentIsolate240x1402421b0
                                                                                                                                                                                                                                    Dart_CurrentIsolateData250x1402421e0
                                                                                                                                                                                                                                    Dart_CurrentIsolateGroup260x1402422f0
                                                                                                                                                                                                                                    Dart_CurrentIsolateGroupData270x140242320
                                                                                                                                                                                                                                    Dart_CurrentIsolateGroupId280x1402423b0
                                                                                                                                                                                                                                    Dart_DebugName290x1402424c0
                                                                                                                                                                                                                                    Dart_DebugNameToCString300x140242780
                                                                                                                                                                                                                                    Dart_DefaultCanonicalizeUrl310x14025c630
                                                                                                                                                                                                                                    Dart_DeferredLoadComplete320x14025f850
                                                                                                                                                                                                                                    Dart_DeferredLoadCompleteError330x14025fc80
                                                                                                                                                                                                                                    Dart_DeleteFinalizableHandle340x140241160
                                                                                                                                                                                                                                    Dart_DeletePersistentHandle350x140240d70
                                                                                                                                                                                                                                    Dart_DeleteWeakPersistentHandle360x140240f60
                                                                                                                                                                                                                                    Dart_DetectNullSafety370x140260d20
                                                                                                                                                                                                                                    Dart_DisableHeapSampling380x140004e80
                                                                                                                                                                                                                                    Dart_DoubleValue390x14024c340
                                                                                                                                                                                                                                    Dart_DumpNativeStackTrace400x140004e80
                                                                                                                                                                                                                                    Dart_EmptyString410x140245ae0
                                                                                                                                                                                                                                    Dart_EnableHeapSampling420x140004e80
                                                                                                                                                                                                                                    Dart_EnterIsolate430x1402428e0
                                                                                                                                                                                                                                    Dart_EnterScope440x140245570
                                                                                                                                                                                                                                    Dart_ErrorGetException450x14023e840
                                                                                                                                                                                                                                    Dart_ErrorGetStackTrace460x14023eb30
                                                                                                                                                                                                                                    Dart_ErrorHasException470x14023e640
                                                                                                                                                                                                                                    Dart_ExecuteInternalCommand480x140262760
                                                                                                                                                                                                                                    Dart_ExitIsolate490x140243690
                                                                                                                                                                                                                                    Dart_ExitScope500x1402456f0
                                                                                                                                                                                                                                    Dart_False510x14024cc00
                                                                                                                                                                                                                                    Dart_FinalizeAllClasses520x140262730
                                                                                                                                                                                                                                    Dart_FinalizeLoading530x14025f5d0
                                                                                                                                                                                                                                    Dart_FunctionIsStatic540x140249ff0
                                                                                                                                                                                                                                    Dart_FunctionName550x1402494f0
                                                                                                                                                                                                                                    Dart_FunctionOwner560x140249c10
                                                                                                                                                                                                                                    Dart_GetClass570x14025d0a0
                                                                                                                                                                                                                                    Dart_GetCurrentUserTag580x140260e90
                                                                                                                                                                                                                                    Dart_GetDataFromByteBuffer590x140255f20
                                                                                                                                                                                                                                    Dart_GetDefaultUserTag600x140261120
                                                                                                                                                                                                                                    Dart_GetError610x14023e320
                                                                                                                                                                                                                                    Dart_GetField620x140258b90
                                                                                                                                                                                                                                    Dart_GetLoadedLibraries630x14025eb40
                                                                                                                                                                                                                                    Dart_GetMainPortId640x1402454d0
                                                                                                                                                                                                                                    Dart_GetMessageNotifyCallback650x140243a10
                                                                                                                                                                                                                                    Dart_GetNativeArgument660x14025b0d0
                                                                                                                                                                                                                                    Dart_GetNativeArgumentCount670x14025b3e0
                                                                                                                                                                                                                                    Dart_GetNativeArguments680x14025a7e0
                                                                                                                                                                                                                                    Dart_GetNativeBooleanArgument690x14025b820
                                                                                                                                                                                                                                    Dart_GetNativeDoubleArgument700x14025b8b0
                                                                                                                                                                                                                                    Dart_GetNativeFieldsOfArgument710x14025b400
                                                                                                                                                                                                                                    Dart_GetNativeInstanceField720x14025a170
                                                                                                                                                                                                                                    Dart_GetNativeInstanceFieldCount730x140259ea0
                                                                                                                                                                                                                                    Dart_GetNativeIntegerArgument740x14025b790
                                                                                                                                                                                                                                    Dart_GetNativeIsolateGroupData750x14025a7c0
                                                                                                                                                                                                                                    Dart_GetNativeReceiver760x14025b490
                                                                                                                                                                                                                                    Dart_GetNativeResolver770x14025ff70
                                                                                                                                                                                                                                    Dart_GetNativeStringArgument780x14025b610
                                                                                                                                                                                                                                    Dart_GetNativeSymbol790x140260250
                                                                                                                                                                                                                                    Dart_GetNonNullableType800x14025ddb0
                                                                                                                                                                                                                                    Dart_GetNullableType810x14025dd90
                                                                                                                                                                                                                                    Dart_GetObfuscationMap820x140260e60
                                                                                                                                                                                                                                    Dart_GetPeer830x1402607e0
                                                                                                                                                                                                                                    Dart_GetStaticMethodClosure840x14024c600
                                                                                                                                                                                                                                    Dart_GetStickyError850x140242f50
                                                                                                                                                                                                                                    Dart_GetType860x14025d5f0
                                                                                                                                                                                                                                    Dart_GetTypeOfExternalTypedData870x140254110
                                                                                                                                                                                                                                    Dart_GetTypeOfTypedData880x140253f50
                                                                                                                                                                                                                                    Dart_GetUserTagLabel890x1402619f0
                                                                                                                                                                                                                                    Dart_HandleFromPersistent900x14023ff70
                                                                                                                                                                                                                                    Dart_HandleFromWeakPersistent910x1402401b0
                                                                                                                                                                                                                                    Dart_HandleMessage920x1402442b0
                                                                                                                                                                                                                                    Dart_HandleServiceMessages930x140011c20
                                                                                                                                                                                                                                    Dart_HasLivePorts940x140244c70
                                                                                                                                                                                                                                    Dart_HasServiceMessages950x1400014c0
                                                                                                                                                                                                                                    Dart_HasStickyError960x140242eb0
                                                                                                                                                                                                                                    Dart_IdentityEquals970x14023fd30
                                                                                                                                                                                                                                    Dart_Initialize980x140241400
                                                                                                                                                                                                                                    Dart_InstanceGetType990x140249160
                                                                                                                                                                                                                                    Dart_IntegerFitsIntoInt641000x14024a960
                                                                                                                                                                                                                                    Dart_IntegerFitsIntoUint641010x14024ac10
                                                                                                                                                                                                                                    Dart_IntegerToHexCString1020x14024bd90
                                                                                                                                                                                                                                    Dart_IntegerToInt641030x14024b7b0
                                                                                                                                                                                                                                    Dart_IntegerToUint641040x14024ba80
                                                                                                                                                                                                                                    Dart_Invoke1050x1402580b0
                                                                                                                                                                                                                                    Dart_InvokeClosure1060x1402586f0
                                                                                                                                                                                                                                    Dart_InvokeConstructor1070x1402577f0
                                                                                                                                                                                                                                    Dart_InvokeVMServiceMethod1080x1402626d0
                                                                                                                                                                                                                                    Dart_IsApiError1090x14023dbe0
                                                                                                                                                                                                                                    Dart_IsBoolean1100x1402471c0
                                                                                                                                                                                                                                    Dart_IsByteBuffer1110x140248d00
                                                                                                                                                                                                                                    Dart_IsClosure1120x140248720
                                                                                                                                                                                                                                    Dart_IsCompilationError1130x14023dea0
                                                                                                                                                                                                                                    Dart_IsDouble1140x140247020
                                                                                                                                                                                                                                    Dart_IsError1150x14023da10
                                                                                                                                                                                                                                    Dart_IsExternalString1160x1402476a0
                                                                                                                                                                                                                                    Dart_IsFatalError1170x14023e1c0
                                                                                                                                                                                                                                    Dart_IsFunction1180x140248240
                                                                                                                                                                                                                                    Dart_IsFuture1190x140248ea0
                                                                                                                                                                                                                                    Dart_IsInstance1200x140246b00
                                                                                                                                                                                                                                    Dart_IsInteger1210x140246e80
                                                                                                                                                                                                                                    Dart_IsKernel1220x140243790
                                                                                                                                                                                                                                    Dart_IsKernelIsolate1230x1400014c0
                                                                                                                                                                                                                                    Dart_IsLegacyType1240x14025e450
                                                                                                                                                                                                                                    Dart_SetShouldPauseOnExit2620x140242b00
                                                                                                                                                                                                                                    Dart_SetShouldPauseOnStart2630x140242a40
                                                                                                                                                                                                                                    Dart_SetStickyError2640x140242bc0
                                                                                                                                                                                                                                    Dart_SetThreadName2650x140260d90
                                                                                                                                                                                                                                    Dart_SetTimelineRecorderCallback2660x140004e80
                                                                                                                                                                                                                                    Dart_SetVMFlags2670x1402414c0
                                                                                                                                                                                                                                    Dart_SetWeakHandleReturnValue2680x14025bb10
                                                                                                                                                                                                                                    Dart_ShouldPauseOnExit2690x1400014c0
                                                                                                                                                                                                                                    Dart_ShouldPauseOnStart2700x1400014c0
                                                                                                                                                                                                                                    Dart_ShutdownIsolate2710x140241fb0
                                                                                                                                                                                                                                    Dart_SortClasses2720x140260de0
                                                                                                                                                                                                                                    Dart_StartProfiling2730x140004e80
                                                                                                                                                                                                                                    Dart_StopProfiling2740x140004e80
                                                                                                                                                                                                                                    Dart_StringGetProperties2750x14024fb40
                                                                                                                                                                                                                                    Dart_StringLength2760x14024cf60
                                                                                                                                                                                                                                    Dart_StringStorageSize2770x14024f880
                                                                                                                                                                                                                                    Dart_StringToCString2780x14024e640
                                                                                                                                                                                                                                    Dart_StringToLatin12790x14024f090
                                                                                                                                                                                                                                    Dart_StringToUTF162800x14024f500
                                                                                                                                                                                                                                    Dart_StringToUTF82810x14024e9d0
                                                                                                                                                                                                                                    Dart_StringUTF8Length2820x14024d240
                                                                                                                                                                                                                                    Dart_ThreadDisableProfiling2830x140004e80
                                                                                                                                                                                                                                    Dart_ThreadEnableProfiling2840x140004e80
                                                                                                                                                                                                                                    Dart_ThrowException2850x140259850
                                                                                                                                                                                                                                    Dart_TimelineEvent2860x140004e80
                                                                                                                                                                                                                                    Dart_TimelineGetMicros2870x140260d60
                                                                                                                                                                                                                                    Dart_TimelineGetTicks2880x140260d70
                                                                                                                                                                                                                                    Dart_TimelineGetTicksFrequency2890x140260d80
                                                                                                                                                                                                                                    Dart_ToString2900x14023f9d0
                                                                                                                                                                                                                                    Dart_True2910x14024cbf0
                                                                                                                                                                                                                                    Dart_TypeDynamic2920x140245af0
                                                                                                                                                                                                                                    Dart_TypeNever2930x140246090
                                                                                                                                                                                                                                    Dart_TypeToNonNullableType2940x14025e160
                                                                                                                                                                                                                                    Dart_TypeToNullableType2950x14025ddd0
                                                                                                                                                                                                                                    Dart_TypeVoid2960x140245dc0
                                                                                                                                                                                                                                    Dart_TypedDataAcquireData2970x1402552d0
                                                                                                                                                                                                                                    Dart_TypedDataReleaseData2980x140255af0
                                                                                                                                                                                                                                    Dart_UnloadELF2990x140026600
                                                                                                                                                                                                                                    Dart_VersionString3000x1402413f0
                                                                                                                                                                                                                                    Dart_WaitForEvent3010x140244570
                                                                                                                                                                                                                                    Dart_WriteHeapSnapshot3020x140261c40
                                                                                                                                                                                                                                    Dart_WriteProfileToTimeline3030x1400014c0
Language of compilation system | Country where language is spoken
English | United States
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
03/03/24-13:32:21.412111 | TCP | 2046056 | ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) | 2909 | 49738 | 67.203.7.148 | 192.168.2.4
03/03/24-13:32:12.962499 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49730 | 2909 | 192.168.2.4 | 67.203.7.148
03/03/24-13:32:05.128395 | TCP | 2046056 | ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) | 2909 | 49729 | 67.203.7.148 | 192.168.2.4
03/03/24-13:32:05.256436 | TCP | 2046056 | ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) | 2909 | 49730 | 67.203.7.148 | 192.168.2.4
03/03/24-13:31:59.867235 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49730 | 2909 | 192.168.2.4 | 67.203.7.148
03/03/24-13:31:59.719964 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49729 | 2909 | 192.168.2.4 | 67.203.7.148
03/03/24-13:31:59.883479 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 2909 | 49729 | 67.203.7.148 | 192.168.2.4
03/03/24-13:32:00.028789 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 2909 | 49730 | 67.203.7.148 | 192.168.2.4
03/03/24-13:32:16.020247 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49738 | 2909 | 192.168.2.4 | 67.203.7.148
03/03/24-13:32:16.182547 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 2909 | 49738 | 67.203.7.148 | 192.168.2.4
03/03/24-13:32:10.977333 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49729 | 2909 | 192.168.2.4 | 67.203.7.148
03/03/24-13:32:26.512386 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49738 | 2909 | 192.168.2.4 | 67.203.7.148
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.399215937 CET4973280192.168.2.437.59.29.33
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.516814947 CET4434973364.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.516901970 CET49733443192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.518568039 CET49733443192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.518584967 CET4434973364.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.518775940 CET4434973364.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.519181967 CET49733443192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.569016933 CET49733443192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.579529047 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.667469978 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.667546988 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.672868013 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.761060953 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.762826920 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.762885094 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.762897015 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.762950897 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.773207903 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.861203909 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.861332893 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.861385107 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.867763042 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:07.996289968 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.124058962 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.169456005 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.169549942 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.170567036 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.256680965 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.256788015 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.257644892 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.392750025 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.406168938 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.406312943 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.414916039 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.414956093 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.415019035 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.431864023 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.434000969 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.434098959 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.442553997 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.442717075 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.442742109 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.442753077 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.442821026 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.443195105 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.443274975 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.444950104 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.493267059 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.529542923 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.531929016 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.536566019 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.540668011 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.649472952 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.681073904 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.681108952 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.681191921 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.688210011 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.688479900 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.688651085 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.688877106 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.689016104 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.689099073 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.689266920 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.689353943 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.689502001 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.689668894 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.689836025 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.689996004 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.690155029 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.690488100 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.690685987 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.703916073 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.706429005 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.712476969 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.712548971 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.712562084 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.712584019 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.712615013 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.712671041 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.775166988 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.775593042 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.775763035 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.775902033 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.776011944 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.776175022 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.776387930 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.776536942 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.776864052 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.776874065 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.776957035 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.777179956 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.777417898 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.777767897 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.793492079 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.793667078 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:08.795433044 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148123026 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148150921 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148366928 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148561001 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148617983 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148663998 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148675919 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148705959 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148709059 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148735046 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148753881 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148763895 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148816109 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148818016 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148829937 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148868084 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148868084 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148874998 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148901939 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148936033 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148936033 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.148964882 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149004936 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149009943 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149049997 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149432898 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149473906 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149499893 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149529934 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149542093 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149580956 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149606943 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149660110 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149668932 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149713993 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149722099 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149751902 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149764061 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149791956 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149806976 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149828911 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149849892 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.149878979 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.186702967 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.186718941 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.186767101 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.186798096 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.228266954 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.232887983 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.232899904 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.232912064 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.232942104 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.232971907 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.233191013 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.233724117 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.233776093 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.233927965 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.233975887 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.234266043 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.234306097 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.234309912 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.234350920 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.234384060 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.234430075 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.234535933 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.234582901 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.234639883 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.234679937 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.234687090 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.234729052 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.235284090 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.235325098 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.235347986 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.235392094 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.235399008 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.235452890 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.235455036 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.235493898 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.235570908 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.235615969 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.235836029 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.235879898 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.236157894 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.236207008 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.236219883 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.236263990 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.236263990 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.236306906 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.236330032 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.236373901 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.236387014 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.236433983 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.236476898 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.236526012 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.236557007 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.236568928 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.240510941 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.240555048 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.240570068 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.240614891 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.240628004 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.240663052 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.240677118 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.240705013 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.240725040 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.240768909 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.240772009 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.240818024 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.240850925 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.240904093 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.240919113 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.240943909 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.240947962 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.240987062 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.241002083 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.241041899 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.260195971 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.274261951 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.274275064 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.274328947 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.274358988 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.274528027 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.274540901 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.274601936 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.274601936 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.309395075 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.314402103 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.320049047 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.320079088 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.320091009 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.320132017 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.320136070 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.320149899 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.320158005 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.320178986 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.320178986 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.320215940 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.320215940 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.320822954 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.320858002 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.320904970 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.321027040 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.321043968 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.321090937 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.321413040 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.321464062 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.321515083 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.321547985 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.321638107 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.321677923 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.321710110 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.321744919 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.321789026 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.321790934 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.321805000 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.321836948 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.321846962 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.321893930 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.321932077 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.321939945 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.321969032 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.322011948 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.322375059 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.322467089 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.322480917 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.322513103 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.322529078 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.322572947 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.322606087 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.322803020 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.322820902 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.322853088 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.322865009 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.322911024 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.322968006 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.323075056 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.323122978 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.323162079 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.323180914 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.323230028 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.323316097 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.323400974 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.323420048 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.323450089 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.323477983 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.323525906 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.323525906 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.323563099 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.323609114 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.323625088 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.323656082 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.323708057 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.328424931 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.328465939 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.328486919 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.328500032 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.328542948 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.328551054 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.328603983 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.328639030 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.328648090 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.328681946 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.328695059 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.328726053 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.328811884 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.349880934 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.420233965 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.429596901 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.437019110 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.474039078 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.489703894 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.520967007 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.589540005 CET4973580192.168.2.418.173.219.116
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.591013908 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.597219944 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.677222013 CET804973518.173.219.116192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.677309990 CET4973580192.168.2.418.173.219.116
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.677999973 CET4973580192.168.2.418.173.219.116
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.700385094 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.757531881 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.758332014 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.765635014 CET804973518.173.219.116192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.836528063 CET804973518.173.219.116192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.860240936 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.877490997 CET4973580192.168.2.418.173.219.116
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.911567926 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.923144102 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:09.974059105 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.092045069 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.251759052 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.262047052 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.420968056 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.420989037 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.421005964 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.422142982 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.423989058 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.424410105 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.583231926 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.583898067 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.584753990 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.586292982 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.630310059 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.669440985 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.692898989 CET4973580192.168.2.418.173.219.116
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.746001959 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.780531883 CET804973518.173.219.116192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.780591965 CET4973580192.168.2.418.173.219.116
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.786566973 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.822263002 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.828258991 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.828325033 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.828408003 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.828526974 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.828556061 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.828574896 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.832082033 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.837825060 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.841732979 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.981229067 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.981297970 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.981364012 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.981412888 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.981456995 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:10.981647015 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.001378059 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.009077072 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.140126944 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.142658949 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.144413948 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.168772936 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.170650005 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.304899931 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.306755066 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.335026026 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.379070044 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.466924906 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.467807055 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.537998915 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.538095951 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.538094997 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.538124084 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.538140059 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.538216114 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.538264036 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.538264990 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.538326025 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:11.538343906 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:18.075676918 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:18.130316019 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:19.474076986 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:19.563344955 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:23.150708914 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:23.317637920 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:23.317670107 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:23.317693949 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:23.317708015 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:23.317835093 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:23.317835093 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:23.477129936 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:23.520963907 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:23.686278105 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:23.849052906 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:23.895951033 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:24.007530928 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:24.166543007 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:24.166608095 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:24.166805029 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:24.166816950 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:24.325984955 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:24.327466965 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:24.331904888 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:24.491976023 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:24.519859076 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:24.680428028 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:24.686830044 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:24.773927927 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:24.847007990 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:24.852910995 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:24.933811903 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:24.936517000 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:24.947952986 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.013751030 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.067816973 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.104681015 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.136679888 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.176017046 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.263684988 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.263705969 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.263770103 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.263825893 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.263951063 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.264000893 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.264048100 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.264125109 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.264147043 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.264194965 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.264225960 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.264290094 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.264292955 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.264333963 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.264527082 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.337354898 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.380322933 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.422823906 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.422919035 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.422964096 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.423022032 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.423104048 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.423157930 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.423312902 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.423382044 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.423494101 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.423531055 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.423607111 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.423655987 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.423692942 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.423789978 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.423799992 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.423815966 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.423825979 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.423835039 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.423850060 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.423860073 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.423873901 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.423990011 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.424000025 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.424041033 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.424057961 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.424067020 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.424077988 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.424104929 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.424161911 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.424175024 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.424194098 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.424226046 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.424238920 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.424304008 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.424367905 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.424535990 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.584439039 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.584584951 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.584594965 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.907774925 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.907859087 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.907896042 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:25.907994032 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.065500975 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.065574884 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.065788031 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.065922976 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.065933943 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.066004992 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.066015005 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.066078901 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.066092968 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.066139936 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.066641092 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.070182085 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.114697933 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.176935911 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.337426901 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.347910881 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.508811951 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.510581970 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.688852072 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.689949036 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.850259066 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:26.895951986 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:27.370368004 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:27.529328108 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:27.531440973 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:27.533261061 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:27.693909883 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:27.700871944 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:27.860028028 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:27.861336946 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:27.903717995 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:28.064100981 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:28.114789963 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:28.155149937 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:28.320249081 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:28.322288990 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:28.482620001 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:28.488902092 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:28.648705006 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:28.649669886 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:28.809335947 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:28.810894012 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:28.974956989 CET29094973667.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:29.020935059 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:29.084609985 CET497362909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:29.567828894 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:29.592405081 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:29.592448950 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:29.654920101 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:30.400509119 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:30.567601919 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:30.567619085 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:30.567630053 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:30.567641973 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:30.567666054 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:30.567734003 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:30.726658106 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:30.770951986 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:30.949362040 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:31.110600948 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:31.161576986 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:31.281858921 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:31.446403980 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:31.450511932 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:31.610274076 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:31.612379074 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:31.772106886 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:31.773030043 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:31.933197021 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:31.974087000 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:32.059225082 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:32.219125986 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:32.221627951 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:32.381854057 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:32.427206039 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:32.717667103 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:32.876497984 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:32.876527071 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:32.876678944 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:32.876713991 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:32.876725912 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:32.876734972 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:33.035815954 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:33.035855055 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:33.052066088 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:33.054873943 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:33.214598894 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:33.255335093 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:33.274306059 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:33.435199022 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:33.443865061 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.565639973 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.565807104 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.566519022 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.567485094 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.567576885 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.723294973 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.723341942 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.723400116 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.723505974 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.723541975 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.723637104 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.724530935 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.724546909 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.724679947 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.724864006 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.724875927 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.724896908 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.725025892 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.725038052 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.725075006 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.725187063 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.725320101 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.725331068 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.725778103 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.725897074 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.725974083 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.726047993 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.726094007 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.726197958 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.726238966 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.726321936 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.726367950 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.726422071 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.726433039 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.726506948 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.726564884 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.726597071 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.726742029 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.726753950 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.726788044 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.726831913 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.727257967 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.727268934 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.727303982 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.727395058 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.727554083 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.727818012 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.886432886 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.886468887 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.886636019 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.886912107 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.886921883 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.886929989 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.887058020 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.887656927 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.887686014 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.887701988 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.887734890 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.887744904 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.887823105 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.887833118 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.887870073 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.887880087 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.887907982 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.887974977 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.887985945 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.888027906 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.888231993 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.888282061 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.888290882 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.888322115 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.888386965 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.891804934 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:35.892359018 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:36.052337885 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:36.053328991 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:36.217556000 CET29094974367.203.7.148192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:36.270972967 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:36.274622917 CET497432909192.168.2.467.203.7.148
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:39.661596060 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:39.748733044 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:49.755373001 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:49.816327095 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:49.816381931 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:49.842477083 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:59.849195957 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:43:59.936306953 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:44:09.942884922 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:44:10.030020952 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:44:20.036607981 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:44:20.123673916 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:44:30.130413055 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:44:30.217474937 CET804973464.31.23.30192.168.2.4
                                                                                                                                                                                                                                    Mar 3, 2024 13:44:40.224172115 CET4973480192.168.2.464.31.23.30
                                                                                                                                                                                                                                    Mar 3, 2024 13:44:40.248557091 CET804973464.31.23.30192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 3, 2024 13:43:05.921649933 CET | 61225 | 53 | 192.168.2.4 | 1.1.1.1
Mar 3, 2024 13:43:06.010523081 CET | 53 | 61225 | 1.1.1.1 | 192.168.2.4
Mar 3, 2024 13:43:07.233640909 CET | 64725 | 53 | 192.168.2.4 | 1.1.1.1
Mar 3, 2024 13:43:07.322459936 CET | 53 | 64725 | 1.1.1.1 | 192.168.2.4
Mar 3, 2024 13:43:09.480169058 CET | 62131 | 53 | 192.168.2.4 | 1.1.1.1
Mar 3, 2024 13:43:09.587120056 CET | 53 | 62131 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 3, 2024 13:43:05.921649933 CET | 192.168.2.4 | 1.1.1.1 | 0xd273 | Standard query (0) | boot.net.anydesk.com | A (IP address) | IN (0x0001) | false
Mar 3, 2024 13:43:07.233640909 CET | 192.168.2.4 | 1.1.1.1 | 0x4234 | Standard query (0) | relay-d7627e96.net.anydesk.com | A (IP address) | IN (0x0001) | false
Mar 3, 2024 13:43:09.480169058 CET | 192.168.2.4 | 1.1.1.1 | 0xa5c9 | Standard query (0) | api.playanext.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 3, 2024 13:43:06.010523081 CET | 1.1.1.1 | 192.168.2.4 | 0xd273 | No error (0) | boot.net.anydesk.com | | 37.59.29.33 | A (IP address) | IN (0x0001) | false
Mar 3, 2024 13:43:07.322459936 CET | 1.1.1.1 | 192.168.2.4 | 0x4234 | No error (0) | relay-d7627e96.net.anydesk.com | | 64.31.23.30 | A (IP address) | IN (0x0001) | false
Mar 3, 2024 13:43:09.587120056 CET | 1.1.1.1 | 192.168.2.4 | 0xa5c9 | No error (0) | api.playanext.com | d1atxff5avezsq.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
Mar 3, 2024 13:43:09.587120056 CET | 1.1.1.1 | 192.168.2.4 | 0xa5c9 | No error (0) | d1atxff5avezsq.cloudfront.net | | 18.173.219.85 | A (IP address) | IN (0x0001) | false
Mar 3, 2024 13:43:09.587120056 CET | 1.1.1.1 | 192.168.2.4 | 0xa5c9 | No error (0) | d1atxff5avezsq.cloudfront.net | | 18.173.219.36 | A (IP address) | IN (0x0001) | false
Mar 3, 2024 13:43:09.587120056 CET | 1.1.1.1 | 192.168.2.4 | 0xa5c9 | No error (0) | d1atxff5avezsq.cloudfront.net | | 18.173.219.118 | A (IP address) | IN (0x0001) | false
Mar 3, 2024 13:43:09.587120056 CET | 1.1.1.1 | 192.168.2.4 | 0xa5c9 | No error (0) | d1atxff5avezsq.cloudfront.net | | 18.173.219.116 | A (IP address) | IN (0x0001) | false
• api.playanext.com
  user-agent: anydesk
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49732 | 37.59.29.33 | 80 | 8108 | C:\ProgramData\WinNet\AnyDesk.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49734 | 64.31.23.30 | 80 | 8108 | C:\ProgramData\WinNet\AnyDesk.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49735 | 18.173.219.116 | 80 | 8108 | C:\ProgramData\WinNet\AnyDesk.exe

Timestamp | Bytes transferred | Direction | Data
Mar 3, 2024 13:43:09.677999973 CET | 506 | OUT | POST /httpapi HTTP/1.1
Host: api.playanext.com
User-Agent: AnyDesk/8.0.8
Accept: */*
Content-Length: 352
Content-Type: application/x-www-form-urlencoded

api_key=c1426bd258099fa69f62933b466d4b77&event=[{"event_type":"check_offer","user_id":"db0d1542804f0aa5d1ce823eaac0ccac","session_id":1709469788715058,"ip":"$remote","event_properties":{"method_used":"Google Chrome Criteria Checker","offer_product":"Google Chrome","distributor":"AnyDesk","distributor_product":"AnyDesk","user_country":"Switzerland"}}
Data Raw:
Data Ascii:
Mar 3, 2024 13:43:09.836528063 CET | 620 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 0
Connection: keep-alive
Date: Sun, 03 Mar 2024 12:43:09 GMT
x-amzn-RequestId: 57fcf501-3fd2-4769-9aa9-ddb538e6fa63
x-amz-apigw-id: UDZ-sEGIoAMETdQ=
X-Amzn-Trace-Id: Root=1-65e4705d-5a15b29a5ef343ba4e7244af;Parent=58397a9aaf237937;Sampled=0;lineage=d7502c8f:0
Via: 1.1 b88fe06cb643513c120238beec43283e.cloudfront.net (CloudFront), 1.1 a4edf08fb593b7ca4fee9a64018a186e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK52-P4
X-Cache: Miss from cloudfront
X-Amz-Cf-Pop: JFK52-P1
                                                                                                                                                                                                                                    X-Amz-Cf-Id: 8FHquIqPozjfCl8wKJeaVkIxdPamKcncu15VkdMvpyNNz0kCgKQzpA==



                                                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                                                    Start time:13:42:58
                                                                                                                                                                                                                                    Start date:03/03/2024
                                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\SysrI6zSkJ.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                    Commandline:C:\Users\user\Desktop\SysrI6zSkJ.exe
                                                                                                                                                                                                                                    Imagebase:0x7ff752f70000
                                                                                                                                                                                                                                    File size:21'906'944 bytes
                                                                                                                                                                                                                                    MD5 hash:2E501240EC8B9AAB46D76A6504E44882
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000003.2259823166.000001589E200000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                    Target ID:1
                                                                                                                                                                                                                                    Start time:13:42:59
                                                                                                                                                                                                                                    Start date:03/03/2024
                                                                                                                                                                                                                                    Path:C:\Windows\System32\reg.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                    Commandline:REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe
                                                                                                                                                                                                                                    Imagebase:0x7ff7a7570000
                                                                                                                                                                                                                                    File size:77'312 bytes
                                                                                                                                                                                                                                    MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                    Target ID:2
                                                                                                                                                                                                                                    Start time:13:42:59
                                                                                                                                                                                                                                    Start date:03/03/2024
                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                    Commandline:cmd.exe /c C:\ProgramData\WinNet\embedded.exe
                                                                                                                                                                                                                                    Imagebase:0x7ff64f630000
                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                                                                    Start time:13:42:59
                                                                                                                                                                                                                                    Start date:03/03/2024
                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                    Target ID:4
                                                                                                                                                                                                                                    Start time:13:42:59
                                                                                                                                                                                                                                    Start date:03/03/2024
                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                    Commandline:cmd.exe /c C:\ProgramData\WinNet\p.vbs
                                                                                                                                                                                                                                    Imagebase:0x7ff64f630000
                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                    Target ID:5
                                                                                                                                                                                                                                    Start time:13:42:59
                                                                                                                                                                                                                                    Start date:03/03/2024
                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                                                                    Start time:13:42:59
                                                                                                                                                                                                                                    Start date:03/03/2024
                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                    Target ID:7
                                                                                                                                                                                                                                    Start time:13:42:59
                                                                                                                                                                                                                                    Start date:03/03/2024
Path:C:\ProgramData\WinNet\embedded.exe
Wow64 process (32bit):false
Commandline:C:\ProgramData\WinNet\embedded.exe
Imagebase:0x7ff79f280000
File size:12'371'456 bytes
MD5 hash:DB408CB75C1D0DA769C19A6CBBE60D87
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000007.00000002.3477005535.0000022F0BB80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_EXEembeddedinBATfile, Description: Yara detected EXE embedded in BAT file, Source: C:\ProgramData\WinNet\embedded.exe, Author: Joe Security
Antivirus matches:
• Detection: 58%, ReversingLabs
Reputation:low
Has exited:false

Target ID:8
Start time:13:42:59
Start date:03/03/2024
Path:C:\Windows\System32\wscript.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs"
Imagebase:0x7ff6419f0000
File size:170'496 bytes
MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:13:42:59
Start date:03/03/2024
Path:C:\Windows\System32\reg.exe
Wow64 process (32bit):false
Commandline:REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe
Imagebase:0x7ff7a7570000
File size:77'312 bytes
MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:10
Start time:13:42:59
Start date:03/03/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c C:\ProgramData\WinNet\AnyDesk.exe
Imagebase:0x7ff64f630000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:11
Start time:13:42:59
Start date:03/03/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:13:43:00
Start date:03/03/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c C:\ProgramData\WinNet\p.vbs
Imagebase:0x7ff64f630000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:13
Start time:13:43:00
Start date:03/03/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:14
Start time:13:43:00
Start date:03/03/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:15
Start time:13:43:00
Start date:03/03/2024
Path:C:\ProgramData\WinNet\gg.exe
Wow64 process (32bit):true
Commandline:"C:\ProgramData\WinNet\gg.exe"
Imagebase:0xd60000
File size:304'128 bytes
MD5 hash:20AB063F206EB8115FDE1479E05C245E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000002.1905680590.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000000.1644111512.0000000000D62000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000002.1905680590.0000000003616000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\ProgramData\WinNet\gg.exe, Author: Joe Security
Antivirus matches:
• Detection: 71%, ReversingLabs
Has exited:true

                                                                                                                                                                                                                                    Target ID:16
                                                                                                                                                                                                                                    Start time:13:43:00
                                                                                                                                                                                                                                    Start date:03/03/2024
                                                                                                                                                                                                                                    Path:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                    Commandline:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                    Imagebase:0xca0000
                                                                                                                                                                                                                                    File size:5'216'584 bytes
                                                                                                                                                                                                                                    MD5 hash:A21768190F3B9FEAE33AAEF660CB7A83
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                                                    • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                    Target ID:17
                                                                                                                                                                                                                                    Start time:13:43:00
                                                                                                                                                                                                                                    Start date:03/03/2024
                                                                                                                                                                                                                                    Path:C:\Windows\System32\wscript.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                    Commandline:"C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs"
                                                                                                                                                                                                                                    Imagebase:0x7ff6419f0000
                                                                                                                                                                                                                                    File size:170'496 bytes
                                                                                                                                                                                                                                    MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                    Target ID:18
                                                                                                                                                                                                                                    Start time:13:43:01
                                                                                                                                                                                                                                    Start date:03/03/2024
                                                                                                                                                                                                                                    Path:C:\ProgramData\WinNet\gg.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                    Commandline:"C:\ProgramData\WinNet\gg.exe"
                                                                                                                                                                                                                                    Imagebase:0xb40000
                                                                                                                                                                                                                                    File size:304'128 bytes
                                                                                                                                                                                                                                    MD5 hash:20AB063F206EB8115FDE1479E05C245E
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000012.00000002.1885800670.0000000003025000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                    Target ID:19
                                                                                                                                                                                                                                    Start time:13:43:02
                                                                                                                                                                                                                                    Start date:03/03/2024
                                                                                                                                                                                                                                    Path:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                    Commandline:"C:\ProgramData\WinNet\AnyDesk.exe" --local-service
                                                                                                                                                                                                                                    Imagebase:0xca0000
                                                                                                                                                                                                                                    File size:5'216'584 bytes
                                                                                                                                                                                                                                    MD5 hash:A21768190F3B9FEAE33AAEF660CB7A83
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                    Target ID:20
                                                                                                                                                                                                                                    Start time:13:43:03
                                                                                                                                                                                                                                    Start date:03/03/2024
                                                                                                                                                                                                                                    Path:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                    Commandline:"C:\ProgramData\WinNet\AnyDesk.exe" --local-control
                                                                                                                                                                                                                                    Imagebase:0xca0000
                                                                                                                                                                                                                                    File size:5'216'584 bytes
                                                                                                                                                                                                                                    MD5 hash:A21768190F3B9FEAE33AAEF660CB7A83
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                    Target ID:21
                                                                                                                                                                                                                                    Start time:13:43:13
                                                                                                                                                                                                                                    Start date:03/03/2024
                                                                                                                                                                                                                                    Path:C:\ProgramData\WinNet\gg.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                    Commandline:"C:\ProgramData\WinNet\gg.exe"
                                                                                                                                                                                                                                    Imagebase:0xe70000
                                                                                                                                                                                                                                    File size:304'128 bytes
                                                                                                                                                                                                                                    MD5 hash:20AB063F206EB8115FDE1479E05C245E
                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000015.00000002.2056075495.0000000003165000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000015.00000002.2056075495.0000000003165000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                    Target ID:23
                                                                                                                                                                                                                                    Start time:13:43:23
                                                                                                                                                                                                                                    Start date:03/03/2024
                                                                                                                                                                                                                                    Path:C:\ProgramData\WinNet\gg.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                    Commandline:"C:\ProgramData\WinNet\gg.exe"
                                                                                                                                                                                                                                    Imagebase:0x3d0000
                                                                                                                                                                                                                                    File size:304'128 bytes
                                                                                                                                                                                                                                    MD5 hash:20AB063F206EB8115FDE1479E05C245E
                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000017.00000002.2127671016.0000000002895000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000017.00000002.2127671016.0000000002895000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
Memory Dump Source
• Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d8b877085ef47692e568aa4d8d3fcbee17eef3d3e509e95cbe048a70e8427783
                                                                                                                                                                                                                                      • Instruction ID: d8e7f86e88dadbed96ee3773609780055e0123af753aaf28e2f7a6b22c734698
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d8b877085ef47692e568aa4d8d3fcbee17eef3d3e509e95cbe048a70e8427783
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E1F15030628E19CFDB99DB1CC885BA9B7E0FB98309F144959D4A9F7291CA31F841DBD0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 0b66ff16af40232d7f2436a78117914e1098167ff2c971068d68cfdf4187609c
                                                                                                                                                                                                                                      • Instruction ID: 9e5babca65ac8a0adfc69a318f98e4b9a19ac62d848cbb8fcbead92e9e5d2c5d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b66ff16af40232d7f2436a78117914e1098167ff2c971068d68cfdf4187609c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D1520D30628F09CFDB88EF59C8C9BA9B7E0FBA8705F504A5D9559D7251CB31B841CB81
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 23b44aa292820013d320316acf97590cd588a90dc143f171c35868205d26e301
                                                                                                                                                                                                                                      • Instruction ID: ecba246168be91b5f74e018a8528b3bb697f1bde4d8a90e42f83a15595d3093f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23b44aa292820013d320316acf97590cd588a90dc143f171c35868205d26e301
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33425430628D1DCFDBA9EB6CC884BF9B3E0FB98309F544559D45DE7692CA31E8419B80
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4f6e2d5081d89460c3dca1a952d53b67a908dd308cf6f5b21d6a8310c3104190
                                                                                                                                                                                                                                      • Instruction ID: c9d1b26b9c9cc1a4a1416a7fc9629d6fc00ef0abfcee98d6e59e379099e92714
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4f6e2d5081d89460c3dca1a952d53b67a908dd308cf6f5b21d6a8310c3104190
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0FA11030518E19CFDB98EF5DC8C5AA9B7E0FBA8309F114959D559E7652CA30F840DB80
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b1cb660ab3de78909866a30e2d998f022914bc6aac7eafa72df001fea3eae98d
                                                                                                                                                                                                                                      • Instruction ID: 429e29232b27a2110e73ac250abaeaa79ad6680b2b79b40d5aa3e16ffc6cc318
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b1cb660ab3de78909866a30e2d998f022914bc6aac7eafa72df001fea3eae98d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC417430524E1DCFDB98EF68C8857B9B7E0FBD830AF108959A46DE7652DA30E4408BC1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d073ea6415d0db3c17bdc8a98aebfe16329abf3a99ce1380e324cf6d63500e2d
                                                                                                                                                                                                                                      • Instruction ID: 10305e007eaeeddb0c437cdf17736d8717876418312f26ea6bdd63f7e67a2700
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d073ea6415d0db3c17bdc8a98aebfe16329abf3a99ce1380e324cf6d63500e2d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C41723181CF848BE3194B5C9846BB6B3E4FBAD308F04970DE9DE91052DF71B5A68686
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d0eaa389417a297514ba406972abe5c67d5c474a303992de1aae04ac59a65431
                                                                                                                                                                                                                                      • Instruction ID: 762501f45471ff6564f1e4e06be27035f28b379d5a418c065dd0b3b4d71d4c02
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0eaa389417a297514ba406972abe5c67d5c474a303992de1aae04ac59a65431
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5411F30618E188FDB98EF1DD4C1FB573E1EBA8319F50499DD48DD7692CA32E8528B81
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6ddf099b04ed4c520c7181b7dabb50bf80a25656aa7a09b37d330ab1ef30c892
                                                                                                                                                                                                                                      • Instruction ID: a65241ff47569fe1904ef06127a3b66bfac4e7f56391c86053b95d99583311e4
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ddf099b04ed4c520c7181b7dabb50bf80a25656aa7a09b37d330ab1ef30c892
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 96410170628E19CFDB98EF58C885BBDB7E1FB98305F1088599469D7656CA30E8408B81
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b51a92f09b4acb07c4ffd6f45a2083d73a9e01bd2c3bef09065cd94cd88a9648
                                                                                                                                                                                                                                      • Instruction ID: c137f03d046f0292ffc171835f075efb1e775d45c9f88692366c22e4e6bb4f6b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b51a92f09b4acb07c4ffd6f45a2083d73a9e01bd2c3bef09065cd94cd88a9648
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E2311830228E09CFDB98EF18D8C5AA9B7E0FBA8705F004659E459D7652DB30F850CBC1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 5da719434b85376a9c3353510d37723e1c2281e201ff7781b00b3def157fba24
                                                                                                                                                                                                                                      • Instruction ID: 986e94dcb6090da018439fe2456dc3a76e1ccfb1daebf03c7b6caed1ac8d65bb
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5da719434b85376a9c3353510d37723e1c2281e201ff7781b00b3def157fba24
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B313A70618E19CFCB98EF19C4C5AAAB7E1FBAC705F00855DE45DD76A2CA30E8408BC1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: fe14b9279ba77926b90e1d41dbcc05c6be5d4765db607cd81b5b2c4368556dfc
                                                                                                                                                                                                                                      • Instruction ID: 4a1c3ddde408c6aff9c4df4ba1610447c4ade4e1b8070d95a03f670acbceeca1
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe14b9279ba77926b90e1d41dbcc05c6be5d4765db607cd81b5b2c4368556dfc
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 25214130618E588FDB98EF1CD885BB977E1FB9C30AF008859E45DD7656CA30E8908BC1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 681b9a4a800e0ef6be880e6bd348049ae75e5febe25d3c7d46c93ab8f3283d3e
                                                                                                                                                                                                                                      • Instruction ID: de32b69715b31839fc60515c5fbc75e6027e02cf8dc42de89b9cf4a74a51034a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 681b9a4a800e0ef6be880e6bd348049ae75e5febe25d3c7d46c93ab8f3283d3e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 20213B30628F09CFDB98EF18DCC5AA9B7E0FBA8705F404959E45997651DA30F850CBC2
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: fc9ef544748c2a7be3db899d38eee1f136acb3edcc09006209ad3aeed25d80bb
                                                                                                                                                                                                                                      • Instruction ID: 5de46f2b4b0e651ba6896710bb2e2f92044dbba4b2d1aae47232873432ecea4d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fc9ef544748c2a7be3db899d38eee1f136acb3edcc09006209ad3aeed25d80bb
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 06112232668F198EE65A9B189C4C7B6B3D5FBD431AF11866BD41AD3592CE35A0824280
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 281563b09eed1ecd67925fc7cb5515647ad93059964e2b5664bcd1f42ec34015
                                                                                                                                                                                                                                      • Instruction ID: 4309282ab07834dfce224bbf58b7ad47dbc90439ffd5a03dc725aeba028130dc
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 281563b09eed1ecd67925fc7cb5515647ad93059964e2b5664bcd1f42ec34015
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7A21BE30518E188FEB98EB6DD485EA5B7E0FB98305F14495DE09AD7693DF30E4409B44
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 389c0b391266fb34b118ce1c8e38fd79864fcb64dcc735da8690d9e933070e9f
                                                                                                                                                                                                                                      • Instruction ID: 9c6db680dac1652c285bfb3e44834a3b1689baacfd4c4b9324ce4e184dbe5b93
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 389c0b391266fb34b118ce1c8e38fd79864fcb64dcc735da8690d9e933070e9f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB21D330618E09DFCBA8EF19D4C4A69B7E0FBA8705F004A59E45DE7656CA31F891CBC1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 294c55edbca61f3c6331db7b14e3055d684de7df479dab46e0387f7a4e1d1996
                                                                                                                                                                                                                                      • Instruction ID: ee23dd326a2e60c6787f1857474fda614788ef5fcb1df1af14f94aa396fa5996
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 294c55edbca61f3c6331db7b14e3055d684de7df479dab46e0387f7a4e1d1996
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2B210030128E18CFDA59EF18D8C59A9B7E0FBD8305F50494DE499D7692DB30E890CB91
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: ee72ad6feeeaf353972647b08f3706037533ac3c7dd2f60eef1c1ca0139d7d69
                                                                                                                                                                                                                                      • Instruction ID: 1c1c1f76421ebc0b746d292639e4edd8ebbf627155e740d6911a534ec7dabc96
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ee72ad6feeeaf353972647b08f3706037533ac3c7dd2f60eef1c1ca0139d7d69
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8211F830528F099BCF58EF18C8C69A9B7E0FBA8705F004959E59997652CA30F890CBD2
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 939c02088d8388d08030f0f1799d511c4131753c51de703cc4fde00347fef22e
                                                                                                                                                                                                                                      • Instruction ID: 5c4741a9d0edd7adb1ac6097a83bc5dff8672b782af26d0f5335f9c47d38596d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 939c02088d8388d08030f0f1799d511c4131753c51de703cc4fde00347fef22e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3111230118E19CFDB98FF29C895AA9B7E0FB98319F004D59E55AE7642DA31F8508BC1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 896f7fe8cb07652e25d4dcf164b18c28a2c145862c00b3cf21eae10ae4225739
                                                                                                                                                                                                                                      • Instruction ID: f28002c70880a3aa3c596c5e660cb60810eaea3a03a0ea97c0ba2dd20bf7c84b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 896f7fe8cb07652e25d4dcf164b18c28a2c145862c00b3cf21eae10ae4225739
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE01E530219F099BCB49EF59D8C5999B7E4FB6C701F004A1EE58983252CA30F950CBD6
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 809ea06d39b1e2c793cf4c41aaceab86aa382c27575111122cd3d4fb882ce2cf
                                                                                                                                                                                                                                      • Instruction ID: 42d2ddfe29dceb874857180697c8a89b3b9e3acd1c7da042eff60f777619e934
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 809ea06d39b1e2c793cf4c41aaceab86aa382c27575111122cd3d4fb882ce2cf
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DCF058B215C7882EB21C9945BC4BCB3B7DCE78632AB10452FF5CA81013E45278134AAA
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b5124e427f025f8cfffb48da23bb4ac115d41395c6f5bc910c2c0b360d88ab61
                                                                                                                                                                                                                                      • Instruction ID: 938cc608e5c4465cb172379998fd4b63c0f0a643dd2a2074c4ceeac245129827
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b5124e427f025f8cfffb48da23bb4ac115d41395c6f5bc910c2c0b360d88ab61
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 79015270528E58CFCAD9EB28D8847B9B7E0FB95309F104559D899E7642DA21D4418781
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 0f8201fc75e839762ea99641ea284e2192f260c972351643c92f145bba68559b
                                                                                                                                                                                                                                      • Instruction ID: 8ae2dae399513f8da3f14312710ad7b702936f5a14e14ed664ce68d62de1188b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0f8201fc75e839762ea99641ea284e2192f260c972351643c92f145bba68559b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 04015234524F18CBD659EF29C8C56B9B3D0FBD470AF40896DE4AA57543CE30F8508682
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: da8dc76d1b070d06af2b4c3b0a34d2fab4ed22bdd9adda4deef52c177e8e960f
                                                                                                                                                                                                                                      • Instruction ID: 989e36e5b979e92da3f5f0106bc243b8265d6a5eeae86e19953b0fd565140183
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: da8dc76d1b070d06af2b4c3b0a34d2fab4ed22bdd9adda4deef52c177e8e960f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A016D70818F0C4BDB14EF69A409792BBE1FB88300F404A5EE4ADC3281DB346494CB86
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3479845439.000001589FCB4000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001589FCB4000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_1589fcb4000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000007.00000002.3478220574.0000022F0C40C000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000022F0C40C000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_22f0c40c000_embedded.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: cf2fe28fef598741c2ecf4e55fd315f86f7e88fc84d962f22dc4bae8e59b4267
                                                                                                                                                                                                                                      • Instruction ID: 2e9760124ff4d1147e4b2aa876c229eb70db000efe245ff86a72491f793b88f5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cf2fe28fef598741c2ecf4e55fd315f86f7e88fc84d962f22dc4bae8e59b4267
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D426F34618E099FDBD8EF9CC6C9B69B7F0FB58300F540579D48AE3296CA31E9419B80
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000007.00000002.3478220574.0000022F0C40C000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000022F0C40C000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_22f0c40c000_embedded.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d8b877085ef47692e568aa4d8d3fcbee17eef3d3e509e95cbe048a70e8427783
                                                                                                                                                                                                                                      • Instruction ID: 7cdaad6a21cdce984e9345c8489efd55aec0dcb25f5d80426b72e63f95c1a13a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d8b877085ef47692e568aa4d8d3fcbee17eef3d3e509e95cbe048a70e8427783
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 97F16034618E099FDB98DF5CC689B69B7F0FB18300F544579D88AE3296C632F945DB80
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000007.00000002.3478220574.0000022F0C40C000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000022F0C40C000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_22f0c40c000_embedded.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 3712307921555f1a7e9ae3c4d56b005c21b52de11a9a876c9b42d6e3b122d368
                                                                                                                                                                                                                                      • Instruction ID: 42e2a3750ea49e560a1b87d8a3e9754251453ce86da78cce5c11f912b0318298
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3712307921555f1a7e9ae3c4d56b005c21b52de11a9a876c9b42d6e3b122d368
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD520774A18F099FDB88EF98C5C9B69B7F0FB68701F50466D9489D3266CB31A940CB81
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000007.00000002.3478220574.0000022F0C40C000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000022F0C40C000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_22f0c40c000_embedded.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 23b44aa292820013d320316acf97590cd588a90dc143f171c35868205d26e301
                                                                                                                                                                                                                                      • Instruction ID: 6dde40bde60a89cb57607981e464c232462cf6330e8de3c110da3b27cfde2d11
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23b44aa292820013d320316acf97590cd588a90dc143f171c35868205d26e301
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AA426234618E0D9FDBD4EBACC689B69B3F0FB58300F540579D84AD3697CA32E9459B40
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000007.00000002.3478220574.0000022F0C40C000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000022F0C40C000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_22f0c40c000_embedded.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4f6e2d5081d89460c3dca1a952d53b67a908dd308cf6f5b21d6a8310c3104190
                                                                                                                                                                                                                                      • Instruction ID: 40dfffa08f94d1ff5133bafbfb30a9b7f24a2f5b8b4f2494101a16c85b05162a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4f6e2d5081d89460c3dca1a952d53b67a908dd308cf6f5b21d6a8310c3104190
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6DA11A74A18E089FDF98EF9DC5C9B69B7F0FB68700F114969D989D3266CA30E940CB41
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000007.00000002.3478220574.0000022F0C40C000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000022F0C40C000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_22f0c40c000_embedded.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d073ea6415d0db3c17bdc8a98aebfe16329abf3a99ce1380e324cf6d63500e2d
                                                                                                                                                                                                                                      • Instruction ID: 43a70bfb3718b8022f6fbf943d751dbbece203c7bc22f912efdd521a7acc4155
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d073ea6415d0db3c17bdc8a98aebfe16329abf3a99ce1380e324cf6d63500e2d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3941842181CF848BE3198F5C9946BB6B3F0FB6D304F04970DE9CE81052DF31B1A68686
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000007.00000002.3478220574.0000022F0C40C000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000022F0C40C000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_22f0c40c000_embedded.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d0eaa389417a297514ba406972abe5c67d5c474a303992de1aae04ac59a65431
                                                                                                                                                                                                                                      • Instruction ID: b98a3fa1ca0cba438d323e7751e27a7ad0b64aac77c192e5d88be70e34657c90
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0eaa389417a297514ba406972abe5c67d5c474a303992de1aae04ac59a65431
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9041D230608A088FDB98EF5DD185F6573E1FB68704F500AADE48DD7696CA32E852DB81
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000007.00000002.3478220574.0000022F0C40C000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000022F0C40C000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_22f0c40c000_embedded.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6ddf099b04ed4c520c7181b7dabb50bf80a25656aa7a09b37d330ab1ef30c892
                                                                                                                                                                                                                                      • Instruction ID: 1bedde1b540f049afcd256d640478ced6354855d883738d102f25d42fc48dd5c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ddf099b04ed4c520c7181b7dabb50bf80a25656aa7a09b37d330ab1ef30c892
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 47412134618E099FDFD4EF68C28AB69B7F1FB58300F50497DD449D329AC635E9448B81
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000007.00000002.3478220574.0000022F0C40C000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000022F0C40C000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_22f0c40c000_embedded.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000007.00000002.3478220574.0000022F0C40C000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000022F0C40C000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_22f0c40c000_embedded.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d0bbf8325a844bc026612307394116e234f320e5b0c3ced7f9f8216ba9d47077
                                                                                                                                                                                                                                      • Instruction ID: ef3da2963e5d42d03a6972e443660615a7a18d571fef423728d98aa0b17b12ed
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0bbf8325a844bc026612307394116e234f320e5b0c3ced7f9f8216ba9d47077
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F013C7091CF088BEB54EF6DA449792BBE1FB98304F404A5FE4ADC3291DB346494CB86
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000007.00000002.3478220574.0000022F0C40C000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000022F0C40C000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_22f0c40c000_embedded.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c8b7208516cddcdee7902f7b9d1ec389a9c08ea49fa728222af3c188bec9cccb
                                                                                                                                                                                                                                      • Instruction ID: 96fd0f57f6a30e5d17e5a6114ad1d7ff1f6fd57b9b0efd6610dcdaf7e90fbb9c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c8b7208516cddcdee7902f7b9d1ec389a9c08ea49fa728222af3c188bec9cccb
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7C01197091CF088BDB54EF69A449792BBE1FB98304F404A5EE4ADC3291DB356494CB86
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000007.00000002.3478220574.0000022F0C40C000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000022F0C40C000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_22f0c40c000_embedded.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7457c68f46af2a6c965656653ca460f532db7bb49719e327d295308b94c2cfb2
                                                                                                                                                                                                                                      • Instruction ID: 944388dc90e2f200d2f89597395f345b916638221adbbd3f30c46055b05d1193
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7457c68f46af2a6c965656653ca460f532db7bb49719e327d295308b94c2cfb2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 20F0123021CE089FDAA8EB69E589B66B3E0FB54301F40056DD48ED3B96DB31F840CB85
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000007.00000002.3478220574.0000022F0C40C000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000022F0C40C000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_22f0c40c000_embedded.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: efe935bd24665c51879672f4331060966107a324a16d76755ed1132a49a661b6
                                                                                                                                                                                                                                      • Instruction ID: 4a6d752887614a5682bd8b22406fd31fd8babd73c6fc74aa2160dad19fa59f84
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: efe935bd24665c51879672f4331060966107a324a16d76755ed1132a49a661b6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 27F0F830128E488FC7A4EF68D55DA29B7E4FB08301F41096DE89AC3662DE31A890CB51
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000007.00000002.3478220574.0000022F0C40C000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000022F0C40C000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_22f0c40c000_embedded.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b3149675bec359778621e55aa097ca3ef089accbb9589f343f34adfbaa40d01b
                                                                                                                                                                                                                                      • Instruction ID: 311aaabc6b7e4a7a28e4f525ecec8cf5936a4567248ce4a95297e5a15619753a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b3149675bec359778621e55aa097ca3ef089accbb9589f343f34adfbaa40d01b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5BF0C930618D0CDFCAD8EB69D589E25B3F0FB28701F400669E49ED3652DA22E9558B82
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000007.00000002.3478220574.0000022F0C40C000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000022F0C40C000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_22f0c40c000_embedded.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 8317faab50ac7c66a26191dae70fa7813a513e9a1bcdd42a8d2a072177619137
                                                                                                                                                                                                                                      • Instruction ID: 9739947719fb424e90961814c912b16297705feaaab9b98f8c916d9a1ceac56e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8317faab50ac7c66a26191dae70fa7813a513e9a1bcdd42a8d2a072177619137
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7AF03930508E0C9FCAD8FF68D289A29B3E0FB18300F5049ADF49DC3647DA32E8518B51
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000007.00000002.3478220574.0000022F0C40C000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000022F0C40C000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_22f0c40c000_embedded.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 14b40c784dce6d689c495226e21d619e7de06de0ce478d24940a191bdb754341
                                                                                                                                                                                                                                      • Instruction ID: 5b7837778f8ba70978972f06ce8d5771c3e8887ac2e952e643adce7d85ede38a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 14b40c784dce6d689c495226e21d619e7de06de0ce478d24940a191bdb754341
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9FE01234824F485BD690BFB45A4B26AB3E4F744701F800979E8DAC2547D631E5648693
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000007.00000002.3478220574.0000022F0C40C000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000022F0C40C000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_22f0c40c000_embedded.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f3b51583ab959a0629488c3ac10a70ebcf6a9633a7c434bba773dc378663a834
                                                                                                                                                                                                                                      • Instruction ID: ebea479ccd6a356a2ccdebda6adbef8ba41e1298b629ca7d4af3fb51571b079b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f3b51583ab959a0629488c3ac10a70ebcf6a9633a7c434bba773dc378663a834
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 25D05B34424F085BC5D0BFB46A4B26973F4FB04700F800579EC9A82647D633E55456A3
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000007.00000002.3478220574.0000022F0C40C000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000022F0C40C000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_22f0c40c000_embedded.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                      Execution Coverage:10%
                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                                                                                                      Total number of Nodes:51
                                                                                                                                                                                                                                      Total number of Limit Nodes:5

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1919808343.00000000096A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_96a0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: $^q$$^q$$^q$$^q
                                                                                                                                                                                                                                      • API String ID: 0-2125118731
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1919808343.00000000096A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_96a0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: $^q$$^q$$^q$$^q
                                                                                                                                                                                                                                      • API String ID: 0-2125118731
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: 1$v
                                                                                                                                                                                                                                      • API String ID: 0-2456183578
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: 1$v
                                                                                                                                                                                                                                      • API String ID: 0-2456183578
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: cd9d60ae57809db85a40485b0195b3b94820ca5bdcb703c100b183077a23fd76
                                                                                                                                                                                                                                      • Instruction ID: 021aeb2f35acd04862849895d33811299711f59fb81e7a7b634d904e8c591bc2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cd9d60ae57809db85a40485b0195b3b94820ca5bdcb703c100b183077a23fd76
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7BE1C374E01218CFDB54DFA9C884A9DFBB2FF48310F2492A9D449A7355DB30A986CF50
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: Hbq$Hbq$Hbq$`
                                                                                                                                                                                                                                      • API String ID: 0-4250499658
                                                                                                                                                                                                                                      • Opcode ID: 0ae1fd6e0c642beac1e398848354ff9866d62f6da5559f57632d2fd33f8a0aef
                                                                                                                                                                                                                                      • Instruction ID: 2715a97dc1540b980e9cdb2be291a99a60fd1b68af47c14bf5bad025d40d9869
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0ae1fd6e0c642beac1e398848354ff9866d62f6da5559f57632d2fd33f8a0aef
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A6228274A002188FDB54DFA9C984B9DBBF2FF48301F1095A9D509AB365D730AE86CF90
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: Hbq$Hbq$`
                                                                                                                                                                                                                                      • API String ID: 0-1535830117
                                                                                                                                                                                                                                      • Opcode ID: 413776cb04be676c686bbc4ddbe94302cd4c11c291c9d55fe04ec0df3fb12e83
                                                                                                                                                                                                                                      • Instruction ID: 0f73585b4f085f03d97f4e3a891a714982a0f37d3cb4ab3f7304680861f6428a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 413776cb04be676c686bbc4ddbe94302cd4c11c291c9d55fe04ec0df3fb12e83
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5F18074E012198FDB54DFA9C984B9DBBF2BF48300F2095A9D509AB365D730AE86CF50
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: (&^q$(bq
                                                                                                                                                                                                                                      • API String ID: 0-1294341849
                                                                                                                                                                                                                                      • Opcode ID: 3248f149b0e68e27df86ba05bb5e5dd0ce32433e346098b01075e1beffeaa6e0
                                                                                                                                                                                                                                      • Instruction ID: 17ce2fcb2d7b852a2bb022c15f08942f61cb80fcee2e58a50a7e6da528d29ea8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3248f149b0e68e27df86ba05bb5e5dd0ce32433e346098b01075e1beffeaa6e0
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84719F31F002599BCB55EFB9C8506EEBBB2AFC8740F148569D406AB380DF34AD06CB95
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 030CB086
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1904837543.00000000030C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_30c0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: HandleModule
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 4139908857-0
                                                                                                                                                                                                                                      • Opcode ID: 54f29e18120fb8095cbfd31503239879e8019877deaf92490ae8cf0e2a26e3c1
                                                                                                                                                                                                                                      • Instruction ID: 97752b2ece137b677543f44c42d330b36614d0493487cf5731fda74b18d7e419
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 54f29e18120fb8095cbfd31503239879e8019877deaf92490ae8cf0e2a26e3c1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 328178B0A11B498FDB64DF69D04479ABBF1FF88304F04896DD08ADBA50D775E84ACB90
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CreateActCtxA.KERNEL32(?), ref: 030C59F1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1904837543.00000000030C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_30c0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Create
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2289755597-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CreateActCtxA.KERNEL32(?), ref: 030C59F1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1904837543.00000000030C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_30c0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Create
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2289755597-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 096AA7F5
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1919808343.00000000096A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_96a0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: MessagePost
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 410705778-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,030CD2C6,?,?,?,?,?), ref: 030CD387
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1904837543.00000000030C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_30c0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DuplicateHandle
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3793708945-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,030CD2C6,?,?,?,?,?), ref: 030CD387
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1904837543.00000000030C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_30c0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DuplicateHandle
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3793708945-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,030CB101,00000800,00000000,00000000), ref: 030CB312
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1904837543.00000000030C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_30c0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,030CB101,00000800,00000000,00000000), ref: 030CB312
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1904837543.00000000030C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_30c0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 030CB086
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1904837543.00000000030C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_30c0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: HandleModule
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 4139908857-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 096AA7F5
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1919808343.00000000096A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_96a0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: MessagePost
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 410705778-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 096AA7F5
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1919808343.00000000096A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_96a0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: MessagePost
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 410705778-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: +k^
                                                                                                                                                                                                                                      • API String ID: 0-4099995976
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: Hbq
                                                                                                                                                                                                                                      • API String ID: 0-1245868
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: Hbq
                                                                                                                                                                                                                                      • API String ID: 0-1245868
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: Hbq
                                                                                                                                                                                                                                      • API String ID: 0-1245868
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: Hbq
                                                                                                                                                                                                                                      • API String ID: 0-1245868
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1904198766.0000000002F9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F9D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_2f9d000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1904198766.0000000002F9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F9D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_2f9d000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 1eb911a1fea95e88d2ca9ac5c123cdaf5ace77773866c9ef5b1a7798c4949375
                                                                                                                                                                                                                                      • Instruction ID: 4fe8bbbcf9e9ea29f8ff9b89e23a62a24b94fc72730e7646f52e7a83e5504b96
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1eb911a1fea95e88d2ca9ac5c123cdaf5ace77773866c9ef5b1a7798c4949375
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 98219770A00B058FD774DF29D94469ABBF0BF44260F109A2D94AB97A90DB70F645CF91
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: beb4e1f46d151739f2df971b8a6396d4eb9e589ed096e610aae3860cc0b51e9a
                                                                                                                                                                                                                                      • Instruction ID: e316fcff6c769d4ee3e29e2db6675081f76e7bd5be2106c5bd723f0a45da78d7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: beb4e1f46d151739f2df971b8a6396d4eb9e589ed096e610aae3860cc0b51e9a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 28110274D05218DFDB04CFAAE9487EDFBF6AF89311F10A02AE414B3290DB744A45CB64
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6556436d0e6ac045e4fc01b8ae75a9cb6417e7bda75abec91cf902bd17eb718e
                                                                                                                                                                                                                                      • Instruction ID: 2a7937c8a5527d1ab8f9eebef869aeef1e77a53c9b8a63cb895a6c38630772f9
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6556436d0e6ac045e4fc01b8ae75a9cb6417e7bda75abec91cf902bd17eb718e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 371149B6800249DFDB10CF99D844BEEBFF4EF48320F158419E658A7210C379A550DFA5
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 97fc8613d60f332f6137c801a55be0633cf77bc35534e74bd39d1980836a589b
                                                                                                                                                                                                                                      • Instruction ID: 71b4a6bdc4f6514b9812fe4312b5da336615cb24398cc353e53ecc8d44e9aa30
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 97fc8613d60f332f6137c801a55be0633cf77bc35534e74bd39d1980836a589b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 691134B6800249DFDB10CFA9D845BEEBFF4EF48324F148419E558A7211C379A954DFA1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1904054196.0000000002F8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F8D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_2f8d000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b09af1b8dd9cdc9f375ee0454f9864774603bab26bb3abaed061a7e7d7c7a7fe
                                                                                                                                                                                                                                      • Instruction ID: 67e6a45b4fde53cb2a0489ae48aac44153998bd8effdd96abe79736d8c6edb2a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b09af1b8dd9cdc9f375ee0454f9864774603bab26bb3abaed061a7e7d7c7a7fe
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4401AC7150534899E7106A35CD84757FF98EF41364F18C519EE0D4A2D5C779D440CE71
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1904054196.0000000002F8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F8D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_2f8d000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: bac68bfc15615988ffc3e7b0ec033cf4b1312ffbd272a3cbffaf5509c0a29f40
                                                                                                                                                                                                                                      • Instruction ID: 74d6e123ababd974d829531fd071971b19de4d4aca1d1c9a9090349d3b9419f6
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bac68bfc15615988ffc3e7b0ec033cf4b1312ffbd272a3cbffaf5509c0a29f40
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32F0C2714053449AE7109E16CDC4B66FFA8EF40364F18C45AED0C0A286C3799840CEB1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4d4285ea7efd8edd4aee381bde1c94650c2766b2cb649978292e360f51c19e5f
                                                                                                                                                                                                                                      • Instruction ID: 5ef9b11f54eb9d6d355c2ad6143bc5b126ae1dd073a136788bd548174ea4a519
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d4285ea7efd8edd4aee381bde1c94650c2766b2cb649978292e360f51c19e5f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CBF082367002196F8B05AE989C559BF7FABEBC8260B01442DFA09D3350DF36892197A9
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d0791c767029be45c55f8189540845a12005135502df779635fc4c469961602e
                                                                                                                                                                                                                                      • Instruction ID: ff89e252326c3ffea3fd89ec0905cb57a81c03ae47265d077917f849a69373aa
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0791c767029be45c55f8189540845a12005135502df779635fc4c469961602e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 42E06D71A86248AFC701DFB8E504AADBBB1FB92308F2156EDD449D3251DB748E04DB51
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 1721098e1a59fb9d3c5eefd8e06639136587cfd5bc757fc4c526085e4b22949b
                                                                                                                                                                                                                                      • Instruction ID: ab457e2e8c7e49218ec77d69cbbc37e7f1763883ec6d0acd2a43845afb3fec88
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1721098e1a59fb9d3c5eefd8e06639136587cfd5bc757fc4c526085e4b22949b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D9E04670A81209EFC740EFB8E904AADBBB9EB81344F1156A8D408A3250DB309E04DB95
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1919808343.00000000096A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_96a0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e2f8fd07721d1b96857cf5446e34989a6ee6b4ef4ccb9c19f0435430ccb9c808
                                                                                                                                                                                                                                      • Instruction ID: 3f6d62b6f6ded56146d96454d5e131ec2c42152b87eb828107b91339b9b895d9
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e2f8fd07721d1b96857cf5446e34989a6ee6b4ef4ccb9c19f0435430ccb9c808
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2DD1D274E01218CFDB54DFA9D890A9DBBB2FF89300F2085AAD419AB365DB305D82CF51
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1919808343.00000000096A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_96a0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 336606ce6f8b373e74ef8e797c08aee52b04a82be2c645251d4b9b5b0fe0ada5
                                                                                                                                                                                                                                      • Instruction ID: b8e4c74801bccea51919d3f23561e00ed77f76237873231650e4d9e3a2a8cc01
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 336606ce6f8b373e74ef8e797c08aee52b04a82be2c645251d4b9b5b0fe0ada5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3BC1AF74E01218CFDB54DFA9D890A9DBBB2FF89300F2085AAD419AB355DB345D82CF51
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1919808343.00000000096A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_96a0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6952ad8cf5361ce57c1780110d4ad0ad179eb274fe5ffea1ba4d5e6b9f52d317
                                                                                                                                                                                                                                      • Instruction ID: 411e715db8f45b657677e0f0976468e510c14db431f41c40f3ce79e28c715815
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6952ad8cf5361ce57c1780110d4ad0ad179eb274fe5ffea1ba4d5e6b9f52d317
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 36E01A30D4A11EDAEB14CF92D015BBFF6B06B4534AF609445940973280DF704F468F66
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: (_^q$(_^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                                                                      • API String ID: 0-2667574237
                                                                                                                                                                                                                                      • Opcode ID: 0e3dc75542810211d3d9134a727f159261ca1ffb88ecab2a7f3b7d9680331294
                                                                                                                                                                                                                                      • Instruction ID: 7048c7f89ba52af255fa9ed308b3444c03d684e0252d218edea15a5dcf123012
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e3dc75542810211d3d9134a727f159261ca1ffb88ecab2a7f3b7d9680331294
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7225670A00208DFDB05EFA8E850A9DBBB6FF85340F1095A9D105AB364DB39AD49CF51
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: (_^q$(_^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                                                                      • API String ID: 0-2667574237
                                                                                                                                                                                                                                      • Opcode ID: 80abefee382b63d2be5981142f2815b4772638209d80376abc50b7ae70efb187
                                                                                                                                                                                                                                      • Instruction ID: d563e21109644e735ac8377674c2162857808a9a1708e2c8fa61fd66dc8842ea
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 80abefee382b63d2be5981142f2815b4772638209d80376abc50b7ae70efb187
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA225670A00208DFDB05EFA8E850A9EBBB6FF84340F1095A9D105AB364DB39AD49CF51
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: (_^q$(_^q$$^q$$^q$$^q
                                                                                                                                                                                                                                      • API String ID: 0-142850551
                                                                                                                                                                                                                                      • Opcode ID: 8defa43baacd24a520a2f358b7a812c221fb31de4b4407ba76f58e6b6fe960ac
                                                                                                                                                                                                                                      • Instruction ID: dc6ef1c88169ecad3e7d323c644e6ebffdf5faeda91022135545208e9589b944
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8defa43baacd24a520a2f358b7a812c221fb31de4b4407ba76f58e6b6fe960ac
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43C1F970E40208DFDB05EFA8E954A9DBBB6FF88304F1084A9D1156B3A4DB79AD45CF60
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 0000000F.00000002.1916241365.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CB0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_6cb0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: (_^q$(_^q$$^q$$^q$$^q
                                                                                                                                                                                                                                      • API String ID: 0-142850551
                                                                                                                                                                                                                                      • Opcode ID: 2fef98d959335ecbc1c89929cbd1573f37fdebcecf63144df71724a25fdec47f
                                                                                                                                                                                                                                      • Instruction ID: 4f1a606e3d40630128c0066b308c0948cc6430e8f5039c1aeb6aa8ee8a0a0052
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2fef98d959335ecbc1c89929cbd1573f37fdebcecf63144df71724a25fdec47f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 91C1F870E40208DFDB05EFA8E954A9DBBB6FF88304F108469D115AB3A4DB79AD45CF60
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                      Execution Coverage:18.8%
                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                      Signature Coverage:2.3%
                                                                                                                                                                                                                                      Total number of Nodes:173
                                                                                                                                                                                                                                      Total number of Limit Nodes:20

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1891492373.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_6170000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID: s5${-
                                                                                                                                                                                                                                      • API String ID: 2994545307-4129478044
                                                                                                                                                                                                                                      • Opcode ID: 5ff7b58235851f492c89f6ca6093146879c497634dcc24ef5fab4b154ce6ecba
                                                                                                                                                                                                                                      • Instruction ID: c63f4364c29cda0585a072ddf5ea1081d4f511473532136caa8ac63875fda380
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ff7b58235851f492c89f6ca6093146879c497634dcc24ef5fab4b154ce6ecba
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FAC28E74A012299FCBA4DF28D998B9DB7B2BB49304F1085EAD40DA7354DB31AE85CF50
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1891558373.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_61d0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: t$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                                                                      • API String ID: 0-817483638
                                                                                                                                                                                                                                      • Opcode ID: 3bb4a3ebe494f6ad6597d73159c2345ed536e91161447ce0290c583fee377995
                                                                                                                                                                                                                                      • Instruction ID: 00c845468f4a99f067fcbdd1e44428332b5e305660b11539ab8f31d4b97f06eb
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3bb4a3ebe494f6ad6597d73159c2345ed536e91161447ce0290c583fee377995
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A22A030B04244AFDB489F69C894A6E7BF6BF89310F248859E506CB3A6DF75DC41CB91
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1891558373.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_61d0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                                                                      • API String ID: 0-2392861976
                                                                                                                                                                                                                                      • Opcode ID: 934c0e9af19e468050f260d378e7e10a842848c917af62aff9424f1779b1e829
                                                                                                                                                                                                                                      • Instruction ID: 71ad867de5f419c88d79e4ea3783d06f41417226ee8167a93a256d8f651ecab0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 934c0e9af19e468050f260d378e7e10a842848c917af62aff9424f1779b1e829
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 67C1E130B80304AFDB589B78C895A6E77E6EF89704F108869E5038B7A6CF75DC46C791
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 0142D136
                                                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 0142D173
                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 0142D1B0
                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0142D209
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1885168339.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_1420000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Current$ProcessThread
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2063062207-0
                                                                                                                                                                                                                                      • Opcode ID: 558b7d923f82e94345a74d9fc0dbb0d4f6346f2b0659963e10bed73f241e6b36
                                                                                                                                                                                                                                      • Instruction ID: 5eb9285cfa59d0d5017b64f2ec7cf29445a4e24ffda6ae0b311585ec63faee56
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 558b7d923f82e94345a74d9fc0dbb0d4f6346f2b0659963e10bed73f241e6b36
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F5136B0D00249CFDB14CFA9D548BAEBBF1EF88314F24845AD159A73A0D7349984CB65
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

Control-flow Graph (figure not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 0142D136
                                                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 0142D173
                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 0142D1B0
                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0142D209
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1885168339.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_1420000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Current$ProcessThread
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2063062207-0
                                                                                                                                                                                                                                      • Opcode ID: 6fd55ce77f8e3cc6ff3dfa2a4e7c404ccda3632a025dfd2e62c25c36b2b1817e
                                                                                                                                                                                                                                      • Instruction ID: 5503eeb114b562b468e806aa079109ef29e81b81f6dc1f85edc0b68c6f3bad7f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6fd55ce77f8e3cc6ff3dfa2a4e7c404ccda3632a025dfd2e62c25c36b2b1817e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E25145B0D002498FDB14DFAAD548BAEBBF1EF48314F20845AE119A73A0D7349984CF65
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

Control-flow Graph (figure not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 0142B086
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1885168339.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_1420000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: HandleModule
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 4139908857-0
                                                                                                                                                                                                                                      • Opcode ID: 662fcc04a56384d891f88039ef6f5f97ac8eb1aac42d562328051f7d060c8ff6
                                                                                                                                                                                                                                      • Instruction ID: e48d9eac4075b3fd7864195cd76dd65675cbb9afca017e03b91169c77ff40d07
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 662fcc04a56384d891f88039ef6f5f97ac8eb1aac42d562328051f7d060c8ff6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C67135B0A00B158FD724DF29D05475ABBF1FF88204F54892ED986D7B60D778E88ACB90
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • KiUserExceptionDispatcher.NTDLL ref: 06177718
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1891492373.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_6170000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 6842923-0
                                                                                                                                                                                                                                      • Opcode ID: 52433b0ef8f5f3aacaa05f0c3edaf304c2ff834928307c518a9aff770025f82c
                                                                                                                                                                                                                                      • Instruction ID: ad5f007194b7a77b5de24e16748f9cfc50841e8f59a206c441e0261c46ced03e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 52433b0ef8f5f3aacaa05f0c3edaf304c2ff834928307c518a9aff770025f82c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D5194B4E0120DDFDB48DFA9D5946EDBBB2FB88300F10952AE415AB358EB345946CF41
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • KiUserExceptionDispatcher.NTDLL ref: 06177718
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1891492373.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_6170000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 6842923-0
                                                                                                                                                                                                                                      • Opcode ID: 0282e940f6e9a96543b03948afe492d93bc68ba305b51509895443308d4df72e
                                                                                                                                                                                                                                      • Instruction ID: e2a7f3b5cbf8c1cb746a5a95ab5f57367caf64c8d2280e0659f68db35b002d28
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0282e940f6e9a96543b03948afe492d93bc68ba305b51509895443308d4df72e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3251C7B4E0120D9FDB48EFA9D5946DDBBB2FF88300F109529D415AB354EB345946CF41
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CreateActCtxA.KERNEL32(?), ref: 014259F1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1885168339.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_1420000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Create
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2289755597-0
                                                                                                                                                                                                                                      • Opcode ID: 9f86b0b92fb9bd8ee9af574495e596e34dbdb13fc862557050d0798faf3748d5
                                                                                                                                                                                                                                      • Instruction ID: 479b37d5df5862222d87ba80554f1da8f017ac5fb93dcc58559129e6b156948f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9f86b0b92fb9bd8ee9af574495e596e34dbdb13fc862557050d0798faf3748d5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9941E2B0D00729CEDB24CFA9C8857DEBBB5FF45304F24809AD409AB261DB756986CF91
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CreateActCtxA.KERNEL32(?), ref: 014259F1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1885168339.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_1420000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Create
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2289755597-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • KiUserExceptionDispatcher.NTDLL ref: 06177718
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1891492373.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_6170000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 6842923-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 071A9D85
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1893839232.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_71a0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: MessagePost
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 410705778-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0142D387
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1885168339.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_1420000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DuplicateHandle
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3793708945-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0142D387
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1885168339.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_1420000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DuplicateHandle
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3793708945-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1891492373.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_6170000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetKeyboardLayout.USER32(00000000), ref: 0617745E
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1891492373.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_6170000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: KeyboardLayout
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 194098044-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0142B101,00000800,00000000,00000000), ref: 0142B312
Memory Dump Source
• Source File: 00000012.00000002.1885168339.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_1420000_gg.jbxd
Similarity
• API ID: LibraryLoad
• String ID:
• API String ID: 1029625771-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0142B101,00000800,00000000,00000000), ref: 0142B312
Memory Dump Source
• Source File: 00000012.00000002.1885168339.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_1420000_gg.jbxd
Similarity
• API ID: LibraryLoad
• String ID:
• API String ID: 1029625771-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• PostMessageW.USER32(?,00000010,00000000,?), ref: 071A9D85
Memory Dump Source
• Source File: 00000012.00000002.1893839232.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_71a0000_gg.jbxd
Similarity
• API ID: MessagePost
• String ID:
• API String ID: 410705778-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• OleInitialize.OLE32(00000000), ref: 0617754D
Memory Dump Source
• Source File: 00000012.00000002.1891492373.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_6170000_gg.jbxd
Similarity
• API ID: Initialize
• String ID:
• API String ID: 2538663250-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• PostMessageW.USER32(?,00000010,00000000,?), ref: 071A9D85
Memory Dump Source
• Source File: 00000012.00000002.1893839232.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_71a0000_gg.jbxd
Similarity
• API ID: MessagePost
• String ID:
• API String ID: 410705778-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetModuleHandleW.KERNELBASE(00000000), ref: 0142B086
Memory Dump Source
• Source File: 00000012.00000002.1885168339.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_1420000_gg.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• OleInitialize.OLE32(00000000), ref: 0617754D
Memory Dump Source
• Source File: 00000012.00000002.1891492373.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_6170000_gg.jbxd
Similarity
• API ID: Initialize
• String ID:
• API String ID: 2538663250-0
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000012.00000002.1891558373.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_61d0000_gg.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1891558373.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_61d0000_gg.jbxd
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1891558373.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_61d0000_gg.jbxd
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1891558373.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_61d0000_gg.jbxd
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1891558373.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_61d0000_gg.jbxd
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1884822039.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_137d000_gg.jbxd
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1884822039.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_137d000_gg.jbxd
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1884857172.000000000138D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0138D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_138d000_gg.jbxd
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1884822039.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_137d000_gg.jbxd
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1884822039.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_137d000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                                                                      • Instruction ID: 8a61cf4dfc72df617740916029ca993d043a4a8a7e5c99a903196a6be2428730
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7011B176504280CFDB16CF54D5C4B16BF71FF84328F24C6A9D9490B656C33AD45ACBA1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1884857172.000000000138D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0138D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_138d000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                                                                                                      • Instruction ID: af53d568839933dc112eab31eca0de8df607c81ea012b28f3e35ef4ab21a8390
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7311BEB5504380CFDB12DF54D5C4B15BF61FB44318F24C6AAD8494B696C33AD40BCB61
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1884822039.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_137d000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 941141e298bb84a8da8e868d660dc1e7c5528f2bf8e9c52b38be536bed2ab8a2
                                                                                                                                                                                                                                      • Instruction ID: 331e7906c73c42a46661b18862a9928b2771cf41e4108f7dd6dee6188a3b495e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 941141e298bb84a8da8e868d660dc1e7c5528f2bf8e9c52b38be536bed2ab8a2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2C01A2711083449AE7219A69CEC4767FFACEF41338F58C42AED0D4A296C67DE840CAB1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000012.00000002.1884822039.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_137d000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2547d003a671a9a88b9fed33ac41ab21a2269d439098e12419eebf352b0cd165
                                                                                                                                                                                                                                      • Instruction ID: 7346e2db5140007b883c9ce09dd8c6a15422fbab29e2081d87f68b76656796c8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2547d003a671a9a88b9fed33ac41ab21a2269d439098e12419eebf352b0cd165
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 45F062724043449AE7218E1ACDC4B66FFA8EF51738F18C45AED0D4A296C279A844CAB1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                      Execution Coverage:0.4%
                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                      Signature Coverage:1.6%
                                                                                                                                                                                                                                      Total number of Nodes:129
                                                                                                                                                                                                                                      Total number of Limit Nodes:5

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RegCreateKeyExW.KERNEL32(80000002,Software\Google\GCAPITemp,00000000,00000000,00000000,0002021F,00000000,?,?,?,00000000,00000000), ref: 69C5F7CB
                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,?,00000000,00000000), ref: 69C5F7D9
                                                                                                                                                                                                                                      • RegSetValueExW.KERNEL32(?,?,00000000,00000001,?,00000000,?,00000000,00000000), ref: 69C5F7EB
                                                                                                                                                                                                                                      • RegDeleteValueW.KERNEL32(?,?,?,00000000,00000000), ref: 69C5F7FE
                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000000,00000000), ref: 69C5F807
                                                                                                                                                                                                                                      • RegDeleteKeyW.ADVAPI32(80000002,Software\Google\GCAPITemp), ref: 69C5F815
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DeleteValue$CloseCreatelstrlen
                                                                                                                                                                                                                                      • String ID: Software\Google\GCAPITemp$test
                                                                                                                                                                                                                                      • API String ID: 495649648-3707622476
                                                                                                                                                                                                                                      • Opcode ID: f76cd66e646c4becc2719c9c11448770395680c246b1b435d680d2454d2b2ce2
                                                                                                                                                                                                                                      • Instruction ID: 590ea218f49974408e9f82fca02006f61ce515897b4db7851b0c5f82da9b2fa5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f76cd66e646c4becc2719c9c11448770395680c246b1b435d680d2454d2b2ce2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B4115E7190022DAFDB00DF95DD89DFFBB7DFB46751B900429F506A6100E6315E058BB1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: dllmain_crt_dispatchdllmain_raw
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1382799047-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • new.LIBCMT ref: 69C28AC0
                                                                                                                                                                                                                                      • GetCommandLineW.KERNEL32(00000000,?,?,?,?,?,69C3EF5E,00000000,00000000,00000000), ref: 69C28AD6
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CommandLine
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3253501508-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 61 69c340d0-69c34107 RegOpenKeyExW 62 69c34109-69c3410d 61->62 63 69c3412c-69c34132 61->63 64 69c3411b-69c34129 62->64 65 69c3410f-69c34118 RegCloseKey 62->65 64->63 65->64
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(00020219,?,00000000,?,?), ref: 69C340FD
                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32 ref: 69C34110
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CloseOpen
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 47109696-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • new.LIBCMT ref: 69C3EF37
                                                                                                                                                                                                                                        • Part of subcall function 69C27AB0: new.LIBCMT ref: 69C27AF2
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 92 69c34140-69c3415c RegQueryValueExW
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RegQueryValueExW.KERNEL32(80000002,00020219,00000000,00000000,00000000,00000000,?,69C5F4D8,69C763E8,?,Software\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96},00020219,7FFFFFFF,80000002), ref: 69C34150
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: QueryValue
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3660427363-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CoInitializeEx.OLE32(00000000,00000002), ref: 69C60024
                                                                                                                                                                                                                                      • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000002,00000000,00000040,00000000), ref: 69C60039
                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 69C602D1
                                                                                                                                                                                                                                        • Part of subcall function 69C5F4F1: GetCurrentProcess.KERNEL32(00000008,?), ref: 69C5F50F
                                                                                                                                                                                                                                        • Part of subcall function 69C5F4F1: OpenProcessToken.ADVAPI32(00000000), ref: 69C5F516
                                                                                                                                                                                                                                        • Part of subcall function 69C5F4F1: GetTokenInformation.ADVAPI32(?,00000012(TokenIntegrityLevel),?,00000004,00000000), ref: 69C5F53A
                                                                                                                                                                                                                                        • Part of subcall function 69C5F4F1: CloseHandle.KERNEL32(?), ref: 69C5F547
                                                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?), ref: 69C60064
                                                                                                                                                                                                                                        • Part of subcall function 69C5F383: OpenProcess.KERNEL32(00000400,00000001,?,00000000,00000000), ref: 69C5F396
                                                                                                                                                                                                                                      • GetShellWindow.USER32 ref: 69C60087
                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000), ref: 69C6008E
                                                                                                                                                                                                                                      • LocalFree.KERNEL32(?), ref: 69C600A2
                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000440,00000001,?), ref: 69C600EA
                                                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(?,0000000A,?,00000000), ref: 69C60131
                                                                                                                                                                                                                                      • DuplicateTokenEx.ADVAPI32(?,0000000F,00000000,00000002,00000001,?), ref: 69C6014E
                                                                                                                                                                                                                                      • ImpersonateLoggedOnUser.ADVAPI32(?), ref: 69C6015E
                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 69C6018C
                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 69C6019C
                                                                                                                                                                                                                                      • LocalFree.KERNEL32(?), ref: 69C601AF
                                                                                                                                                                                                                                      • LocalFree.KERNEL32(?), ref: 69C601BB
                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(69C765CC,00000000,00000004,69C765BC,?,?), ref: 69C601F0
                                                                                                                                                                                                                                      • RevertToSelf.ADVAPI32(00000001,00000000), ref: 69C602A7
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Process$OpenToken$CloseFreeHandleLocal$CurrentInitializeWindow$CreateDuplicateImpersonateInformationInstanceLoggedRevertSecuritySelfShellThreadUninitializeUser
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1086148846-0
                                                                                                                                                                                                                                      • Opcode ID: 10ecc39cefe7bb4abbc223a5bb1e4b4c320567f4369b426ef10159e1ce867620
                                                                                                                                                                                                                                      • Instruction ID: 68cc1ed05980b6b1f7f75deaef84e7b05d464fa4efec92cb969bb7d423bffed3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 10ecc39cefe7bb4abbc223a5bb1e4b4c320567f4369b426ef10159e1ce867620
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3816E71900219AFEF20DFA2DC84FADBB79BF45314F4080A9E51AA6191EF319E45DF20
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C3D530: new.LIBCMT ref: 69C3D54D
                                                                                                                                                                                                                                      • new.LIBCMT ref: 69C3B811
                                                                                                                                                                                                                                      • SetHandleInformation.KERNEL32(00000000,00000001,00000001), ref: 69C3B8AA
                                                                                                                                                                                                                                        • Part of subcall function 69C3B5D0: GetCurrentProcess.KERNEL32(00000001,?,00000001), ref: 69C3B5F4
                                                                                                                                                                                                                                        • Part of subcall function 69C3FC31: std::invalid_argument::invalid_argument.LIBCONCRT ref: 69C3FC3D
                                                                                                                                                                                                                                        • Part of subcall function 69C3FC31: __CxxThrowException@8.LIBVCRUNTIME ref: 69C3FC4B
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • invalid vector<T> subscript, xrefs: 69C3BE32
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CurrentException@8HandleInformationProcessThrowstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                      • String ID: invalid vector<T> subscript
                                                                                                                                                                                                                                      • API String ID: 2615769013-3016609489
                                                                                                                                                                                                                                      • Opcode ID: 617790d59962363e6e6bf5916b6e907fa640904acbda6f86427a1c2483ce745a
                                                                                                                                                                                                                                      • Instruction ID: 8c794af2a06e340bb50a94d4b43c068a0dd750a6f243fb57b0a39a9494e1c23b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 617790d59962363e6e6bf5916b6e907fa640904acbda6f86427a1c2483ce745a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2F127C356087509FE724CF25E850BABB7F4BF85318F80891DF4AA97290EB34E945CB52
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000), ref: 69C32A4E
                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,IsWow64Process), ref: 69C32A64
                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 69C32A6B
                                                                                                                                                                                                                                      • GetVersionExW.KERNEL32(0000011C), ref: 69C32AE0
                                                                                                                                                                                                                                      • GetNativeSystemInfo.KERNEL32(?), ref: 69C32B3C
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: AddressCurrentHandleInfoModuleNativeProcProcessSystemVersion
                                                                                                                                                                                                                                      • String ID: GetProductInfo$IsWow64Process$kernel32.dll
                                                                                                                                                                                                                                      • API String ID: 1167739923-1263506661
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: _free$_memcmp
                                                                                                                                                                                                                                      • String ID: C
                                                                                                                                                                                                                                      • API String ID: 789029625-1037565863
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002), ref: 69C5B4EB
                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002), ref: 69C5B514
                                                                                                                                                                                                                                      • GetACP.KERNEL32 ref: 69C5B529
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                                                      • String ID: ACP$OCP
                                                                                                                                                                                                                                      • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: GetLastError.KERNEL32(00000008,69C21DE7,69C4EBE2,69C45DC7), ref: 69C4FBB4
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FBE7
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC28
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _abort.LIBCMT ref: 69C4FC2E
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FC0F
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC1C
                                                                                                                                                                                                                                      • GetUserDefaultLCID.KERNEL32 ref: 69C5B732
                                                                                                                                                                                                                                      • IsValidCodePage.KERNEL32(00000000), ref: 69C5B78D
                                                                                                                                                                                                                                      • IsValidLocale.KERNEL32(?,00000001), ref: 69C5B79C
                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 69C5B7E4
                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 69C5B803
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 745075371-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FormatMessageA.KERNEL32(00001200,00000000,?,00000000,?,00000100,00000000,?,?), ref: 69C229D1
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00000000,?,00000100,00000000,?,?), ref: 69C22B45
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • Error (0x%X) while retrieving error. (0x%X), xrefs: 69C22B4C
                                                                                                                                                                                                                                      • (0x%X), xrefs: 69C22A48
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                      • String ID: (0x%X)$Error (0x%X) while retrieving error. (0x%X)
                                                                                                                                                                                                                                      • API String ID: 3479602957-3758316108
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C505D6
                                                                                                                                                                                                                                        • Part of subcall function 69C4CBA5: HeapFree.KERNEL32(00000000,00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000), ref: 69C4CBBB
                                                                                                                                                                                                                                        • Part of subcall function 69C4CBA5: GetLastError.KERNEL32(00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000,00000000), ref: 69C4CBCD
                                                                                                                                                                                                                                      • GetTimeZoneInformation.KERNEL32 ref: 69C505E8
                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,?,69C7EC4C,000000FF,?,0000003F,?,?), ref: 69C50660
                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,?,69C7ECA0,000000FF,?,0000003F,?,?,?,69C7EC4C,000000FF,?,0000003F,?,?), ref: 69C5068D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 806657224-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: GetLastError.KERNEL32(00000008,69C21DE7,69C4EBE2,69C45DC7), ref: 69C4FBB4
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FBE7
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC28
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _abort.LIBCMT ref: 69C4FC2E
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FC0F
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC1C
                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 69C5B12D
                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 69C5B17E
                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 69C5B23E
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorInfoLastLocale$_free$_abort
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2829624132-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 69C46084
                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 69C4608E
                                                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,00000000), ref: 69C4609B
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3906539128-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetUserDefaultUILanguage.KERNEL32 ref: 69C3D21F
                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00000059,?,00000009), ref: 69C3D23D
                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,0000005A,?,00000009,?,-00000001,?,00000059,?,00000009), ref: 69C3D284
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InfoLocale$DefaultLanguageUser
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1606347679-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 69C5F744
                                                                                                                                                                                                                                      • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 69C5F759
                                                                                                                                                                                                                                      • FreeSid.ADVAPI32(?), ref: 69C5F769
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3429775523-0
                                                                                                                                                                                                                                      • Opcode ID: a67d438042493ee05df028a0b320557a8faa70141505e9b4febaae111ccb74a9
                                                                                                                                                                                                                                      • Instruction ID: 31ecf8353c6468922639fd55c67c7db8ec5a236dacc482f391e39e0178a604ad
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a67d438042493ee05df028a0b320557a8faa70141505e9b4febaae111ccb74a9
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B012C7095021DAFDF00DFE0CD85ABEB7BCFB08201F404569A916E6180E7349A048A61
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • LoadResource.KERNEL32(?,?,?,69C62BE3,?,00000000,?,?,69C62C6F,?,?,?), ref: 69C62CF2
                                                                                                                                                                                                                                      • LockResource.KERNEL32(00000000,00000A2F,?,69C62BE3,?,00000000,?,?,69C62C6F,?,?,?), ref: 69C62D00
                                                                                                                                                                                                                                      • SizeofResource.KERNEL32(?,?,?,69C62BE3,?,00000000,?,?,69C62C6F,?,?,?), ref: 69C62D12
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Resource$LoadLockSizeof
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2853612939-0
                                                                                                                                                                                                                                      • Opcode ID: d242ca1d5fd52857a0c9baced8091a62c50dde5c61b9eaed01bf37feb48d38b5
                                                                                                                                                                                                                                      • Instruction ID: 4cc1eff97534192a909abda9397b7fbba18d424d380e4c96bf33b063c3aebfcc
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d242ca1d5fd52857a0c9baced8091a62c50dde5c61b9eaed01bf37feb48d38b5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 68F0C836901235ABDF311F65E95449A7BB9EF463517008826FD59D7034F631E852D7C0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(69C21DE7,?,69C49E40,69C21DE7,69C7B670,0000000C,69C49F88,69C21DE7,00000002,00000000,?,69C45DF9,00000003,?,69C3FA3A,69C3FA7E), ref: 69C49E8B
                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,?,69C49E40,69C21DE7,69C7B670,0000000C,69C49F88,69C21DE7,00000002,00000000,?,69C45DF9,00000003,?,69C3FA3A,69C3FA7E), ref: 69C49E92
                                                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 69C49EA4
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1703294689-0
                                                                                                                                                                                                                                      • Opcode ID: a2fe2388c1f6692f336c87e1cc416bf4f857a2acb361f3ae451cee51e5eb3a4d
                                                                                                                                                                                                                                      • Instruction ID: a2b4eebf59393729abc3e8973b1019e920b8d98bd3e9e9bf27280a52c238138b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a2fe2388c1f6692f336c87e1cc416bf4f857a2acb361f3ae451cee51e5eb3a4d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5FE046321006A8AFCF01AF61DA08AA93B79EB85B95B104424F8098A020DB35D843DB80
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(0000000A,?), ref: 69C416A4
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2325560087-3916222277
                                                                                                                                                                                                                                      • Opcode ID: 9cb188435df57f47b62d98e2d035c99d1da42347d62eab8fb4841983b601f6f4
                                                                                                                                                                                                                                      • Instruction ID: eac84bbe46a63821a8e7db53339751663b3abb56a7741ba794796a2f0b47777f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9cb188435df57f47b62d98e2d035c99d1da42347d62eab8fb4841983b601f6f4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9451AFB1E002198FEF04CF6AE4927AEBBF4FB08714F10852AD855EB280E7749461CF91
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • IsValidCodePage.KERNEL32(00000000), ref: 69C5ADD0
                                                                                                                                                                                                                                        • Part of subcall function 69C46183: IsProcessorFeaturePresent.KERNEL32(00000017,69C46155,0000010C,00000000,00000000,00000000,00000000,00000000,?,?,69C46175,00000000,00000000,00000000,00000000,00000000), ref: 69C46185
                                                                                                                                                                                                                                        • Part of subcall function 69C46183: GetCurrentProcess.KERNEL32(C0000417,00000000,0000010C,69C322CA), ref: 69C461A7
                                                                                                                                                                                                                                        • Part of subcall function 69C46183: TerminateProcess.KERNEL32(00000000), ref: 69C461AE
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: GetLastError.KERNEL32(00000008,69C21DE7,69C4EBE2,69C45DC7), ref: 69C4FBB4
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FBE7
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC28
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _abort.LIBCMT ref: 69C4FC2E
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FC0F
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC1C
                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 69C5AF11
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorLast$Process_free$CodeCurrentFeatureInfoLocalePagePresentProcessorTerminateValid_abort
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3156739809-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: GetLastError.KERNEL32(00000008,69C21DE7,69C4EBE2,69C45DC7), ref: 69C4FBB4
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FBE7
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC28
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _abort.LIBCMT ref: 69C4FC2E
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FC0F
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC1C
                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 69C5B37D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorLast$_free$InfoLocale_abort
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1663032902-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: GetLastError.KERNEL32(00000008,69C21DE7,69C4EBE2,69C45DC7), ref: 69C4FBB4
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FBE7
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC28
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _abort.LIBCMT ref: 69C4FC2E
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FC0F
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC1C
                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 69C5AF11
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorLast$_free$InfoLocale_abort
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1663032902-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: GetLastError.KERNEL32(00000008,69C21DE7,69C4EBE2,69C45DC7), ref: 69C4FBB4
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FBE7
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC28
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _abort.LIBCMT ref: 69C4FC2E
                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(69C5B0D9,00000001), ref: 69C5B023
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1084509184-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: GetLastError.KERNEL32(00000008,69C21DE7,69C4EBE2,69C45DC7), ref: 69C4FBB4
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FBE7
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC28
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _abort.LIBCMT ref: 69C4FC2E
                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,69C5B2F7,00000000,00000000,?), ref: 69C5B585
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorLast$InfoLocale_abort_free
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2692324296-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: GetLastError.KERNEL32(00000008,69C21DE7,69C4EBE2,69C45DC7), ref: 69C4FBB4
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FBE7
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC28
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _abort.LIBCMT ref: 69C4FC2E
                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(69C5B329,00000001), ref: 69C5B098
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1084509184-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C4B688: EnterCriticalSection.KERNEL32(?,?,69C4B4E9,00000000,69C7B718,0000000C,69C3F041,?,69C40906,?,?,69C31BDD,0000012C), ref: 69C4B697
                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(69C4EBF0,00000001,69C7B8B8,0000000C), ref: 69C4EC6E
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1272433827-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: LocalTime
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 481472006-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,?,?,?,69C51EFE,?,20001004,?,00000002,?), ref: 69C4F19D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2299586839-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: GetLastError.KERNEL32(00000008,69C21DE7,69C4EBE2,69C45DC7), ref: 69C4FBB4
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FBE7
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC28
                                                                                                                                                                                                                                        • Part of subcall function 69C4FBB0: _abort.LIBCMT ref: 69C4FC2E
                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(Function_0003AEBD,00000001), ref: 69C5AF9D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1084509184-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: HeapProcess
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 54951025-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 69C430CA
                                                                                                                                                                                                                                      • _GetRangeOfTrysToCheck.LIBVCRUNTIME ref: 69C43145
                                                                                                                                                                                                                                      • ___TypeMatch.LIBVCRUNTIME ref: 69C431B9
                                                                                                                                                                                                                                      • ___DestructExceptionObject.LIBVCRUNTIME ref: 69C4323E
                                                                                                                                                                                                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 69C43279
                                                                                                                                                                                                                                      • ___DestructExceptionObject.LIBVCRUNTIME ref: 69C432EA
                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 69C43302
                                                                                                                                                                                                                                      • _UnwindNestedFrames.LIBCMT ref: 69C4330A
                                                                                                                                                                                                                                      • ___FrameUnwindToState.LIBVCRUNTIME ref: 69C43316
                                                                                                                                                                                                                                      • CallUnexpected.LIBVCRUNTIME ref: 69C43321
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Exception$DestructObjectSpecUnwind$CallCheckException@8FrameFramesMatchNestedRangeStateThrowTrysTypeUnexpected
                                                                                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                                                                                      • API String ID: 1230517499-393685449
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: _free$Info
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2509303402-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • ___free_lconv_mon.LIBCMT ref: 69C57F2D
                                                                                                                                                                                                                                        • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C598D0
                                                                                                                                                                                                                                        • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C598E2
                                                                                                                                                                                                                                        • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C598F4
                                                                                                                                                                                                                                        • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C59906
                                                                                                                                                                                                                                        • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C59918
                                                                                                                                                                                                                                        • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C5992A
                                                                                                                                                                                                                                        • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C5993C
                                                                                                                                                                                                                                        • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C5994E
                                                                                                                                                                                                                                        • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C59960
                                                                                                                                                                                                                                        • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C59972
                                                                                                                                                                                                                                        • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C59984
                                                                                                                                                                                                                                        • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C59996
                                                                                                                                                                                                                                        • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C599A8
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C57F22
                                                                                                                                                                                                                                        • Part of subcall function 69C4CBA5: HeapFree.KERNEL32(00000000,00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000), ref: 69C4CBBB
                                                                                                                                                                                                                                        • Part of subcall function 69C4CBA5: GetLastError.KERNEL32(00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000,00000000), ref: 69C4CBCD
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C57F44
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C57F59
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C57F64
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C57F86
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C57F99
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C57FA7
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C57FB2
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C57FEA
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C57FF1
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C5800E
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C58026
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 161543041-0
                                                                                                                                                                                                                                      • Opcode ID: a4826c6d6b67bd7721ba1a9d83b75279a22d4d514fc33aa0821889554e451b1e
                                                                                                                                                                                                                                      • Instruction ID: 2106a267954ef79babeb10b5e12ba84cbf7bb9cc795f8693df8bcbcf5044c1e8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a4826c6d6b67bd7721ba1a9d83b75279a22d4d514fc33aa0821889554e451b1e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 06314E31604B019FEB21DA38F844F9673E9BF40714F10D519E49AD71A0FF31A9A89764
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Smanip$Current$CountProcessThreadTick
                                                                                                                                                                                                                                      • String ID: )] $UNKNOWN$VERBOSE
                                                                                                                                                                                                                                      • API String ID: 1623629380-3915483136
                                                                                                                                                                                                                                      • Opcode ID: ba98b9a16dde5bd4cf87a9896cd7e94da36cbde1c41811f4d56f25bcd4f77724
                                                                                                                                                                                                                                      • Instruction ID: db9d401375cc1bddb14007bffec7197e5add0a49bb5de6b951973be580f5d748
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ba98b9a16dde5bd4cf87a9896cd7e94da36cbde1c41811f4d56f25bcd4f77724
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0DA1FEB5A04300AFD724DF64EC55F1ABBE5BF85708F048829F9898B291FB31D505CBA2
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 69C31CCF
                                                                                                                                                                                                                                      • TlsSetValue.KERNEL32(?,?), ref: 69C31CFD
                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 69C31D4A
                                                                                                                                                                                                                                      • TlsSetValue.KERNEL32(?,00000000), ref: 69C31D72
                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 69C31E06
                                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?), ref: 69C31E19
                                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?), ref: 69C31EDE
                                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?), ref: 69C31F31
                                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?), ref: 69C31FBF
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireCloseHandleReleaseValue$CurrentThread
                                                                                                                                                                                                                                      • String ID: Failed to TlsSetValue().$c:\b\build\slave\win\build\src\base\threading\thread_local_win.cc
                                                                                                                                                                                                                                      • API String ID: 3870014289-1575462531
                                                                                                                                                                                                                                      • Opcode ID: 7b910b6ad2f7e5807ec24e1a3fc45678bc580abe2019a7a0dc67c1bf612c0051
                                                                                                                                                                                                                                      • Instruction ID: f054ac1df49494483968b8dbe51271d2a96736843d45851dbb19dc364d1bc5f2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7b910b6ad2f7e5807ec24e1a3fc45678bc580abe2019a7a0dc67c1bf612c0051
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 03815475908354AFDB00DF64EC85BCA77E8BF55314F408829FD998B181FB70A649CBA2
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                      • Opcode ID: 77137fb85bc1237dffa6ba337794c5b711a5dd78753399fa1ea8cee5ccd44897
                                                                                                                                                                                                                                      • Instruction ID: 4eb12924d2701b10ff46feb4ec15dd662379442ad3b152805d9a33fd9d280399
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 77137fb85bc1237dffa6ba337794c5b711a5dd78753399fa1ea8cee5ccd44897
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CAC177B6E40204AFEB20DBA8DC82FDE77F9EB45744F444165FA05FB281F6709A608764
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C66AB6: SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 69C66AEE
                                                                                                                                                                                                                                        • Part of subcall function 69C66AB6: GetLastError.KERNEL32 ref: 69C66B07
                                                                                                                                                                                                                                      • SetEndOfFile.KERNEL32(?,?,?,?,00000000), ref: 69C652F7
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 69C65310
                                                                                                                                                                                                                                        • Part of subcall function 69C22340: GetLastError.KERNEL32(?,00000000), ref: 69C223D6
                                                                                                                                                                                                                                        • Part of subcall function 69C66663: GetLastError.KERNEL32(?,000000FF,0000001C,00000001), ref: 69C666A2
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorLast$File$Pointer
                                                                                                                                                                                                                                      • String ID: expected to start with $DAPC$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc$failed to rewind to write$failed to truncate$failed to write header$failed to write records$failed to write string table
                                                                                                                                                                                                                                      • API String ID: 4162258135-419746783
                                                                                                                                                                                                                                      • Opcode ID: fe1071f7c03a3a82caca408ac861fcbd56a83d2a1efcfa52cda1c5ff2a880811
                                                                                                                                                                                                                                      • Instruction ID: db3f972027df764e666156ab2bd71f300ac2b4336c9c505b4f7c2687e9bacf88
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe1071f7c03a3a82caca408ac861fcbd56a83d2a1efcfa52cda1c5ff2a880811
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9CA10475940308AAEB18DB64FC95FEDB379AF04318F209099E508BB1D2FF71AA45CB10
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: SVWj
                                                                                                                                                                                                                                      • API String ID: 0-3360714375
                                                                                                                                                                                                                                      • Opcode ID: 2aedc68cbdc9d45f04a7853b484659a91c7c4cef2259388f1b358b7a7f46808e
                                                                                                                                                                                                                                      • Instruction ID: 7720cd1074fe7c1fd577a4719d5cccbc7a6c06d911a4c2e6610eae73b0bbd03d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2aedc68cbdc9d45f04a7853b484659a91c7c4cef2259388f1b358b7a7f46808e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D0312936A009148FD714DF64F69095E73B4EF40368B5085AADC059B291F731EA42DBE2
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,69C6763E,000000FF,?,?), ref: 69C67814
                                                                                                                                                                                                                                        • Part of subcall function 69C67928: OutputDebugStringW.KERNEL32(69C7EDD8,?,69C67900,Failed to create directory %ls, last error is %d,?,000000B7), ref: 69C67949
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • Failed to create directory %ls, last error is %d, xrefs: 69C678F6
                                                                                                                                                                                                                                      • %hs( %ls directory conflicts with an existing file. ), xrefs: 69C67839
                                                                                                                                                                                                                                      • install_static::`anonymous-namespace'::RecursiveDirectoryCreate, xrefs: 69C6781C
                                                                                                                                                                                                                                      • %hs( %ls directory exists ), xrefs: 69C67825
                                                                                                                                                                                                                                      • Failed to create one of the parent directories, xrefs: 69C678BF
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: AttributesDebugFileOutputString
                                                                                                                                                                                                                                      • String ID: %hs( %ls directory conflicts with an existing file. )$%hs( %ls directory exists )$Failed to create directory %ls, last error is %d$Failed to create one of the parent directories$install_static::`anonymous-namespace'::RecursiveDirectoryCreate
                                                                                                                                                                                                                                      • API String ID: 708965821-2569357656
                                                                                                                                                                                                                                      • Opcode ID: 88436eb92a2fdcbc2866be51c0b296f8a2eebd15e5415008dd800a2139b8db03
                                                                                                                                                                                                                                      • Instruction ID: ea14809b6cd946ecb61db1a948c69751b38c00500b6986fab0288345b3b560de
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 88436eb92a2fdcbc2866be51c0b296f8a2eebd15e5415008dd800a2139b8db03
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E331F434904304ABDF00DAA5FCD5FAE77B8AF47338F605A19E528A71E0FB345906D661
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • new.LIBCMT ref: 69C3D54D
                                                                                                                                                                                                                                        • Part of subcall function 69C32A20: GetCurrentProcess.KERNEL32(00000000), ref: 69C32A4E
                                                                                                                                                                                                                                        • Part of subcall function 69C32A20: GetModuleHandleW.KERNEL32(kernel32.dll,IsWow64Process), ref: 69C32A64
                                                                                                                                                                                                                                        • Part of subcall function 69C32A20: GetProcAddress.KERNEL32(00000000), ref: 69C32A6B
                                                                                                                                                                                                                                        • Part of subcall function 69C32A20: GetVersionExW.KERNEL32(0000011C), ref: 69C32AE0
                                                                                                                                                                                                                                        • Part of subcall function 69C32A20: GetNativeSystemInfo.KERNEL32(?), ref: 69C32B3C
                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 69C3D5B7
                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,InitializeProcThreadAttributeList), ref: 69C3D5CB
                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,UpdateProcThreadAttribute), ref: 69C3D5D8
                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,DeleteProcThreadAttributeList), ref: 69C3D5E5
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • InitializeProcThreadAttributeList, xrefs: 69C3D5C5
                                                                                                                                                                                                                                      • DeleteProcThreadAttributeList, xrefs: 69C3D5DA
                                                                                                                                                                                                                                      • kernel32.dll, xrefs: 69C3D5B2
                                                                                                                                                                                                                                      • UpdateProcThreadAttribute, xrefs: 69C3D5CD
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: AddressProc$HandleModule$CurrentInfoNativeProcessSystemVersion
                                                                                                                                                                                                                                      • String ID: DeleteProcThreadAttributeList$InitializeProcThreadAttributeList$UpdateProcThreadAttribute$kernel32.dll
                                                                                                                                                                                                                                      • API String ID: 4189602493-1491343547
                                                                                                                                                                                                                                      • Opcode ID: 5ca2af53a3d7b4cef546b81d4a1ac9e116bfa1d01bf10a820b0353755d38b8e6
                                                                                                                                                                                                                                      • Instruction ID: 11e71bda930b512f61b12353007d38a8b7510ba42f3b4ec629c9b4837032ab70
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ca2af53a3d7b4cef546b81d4a1ac9e116bfa1d01bf10a820b0353755d38b8e6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6511E6B5A063609BEF10DB64AD5076A3EF4ABC7329F90043EE50597240F7784845C7A6
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4FAA4
                                                                                                                                                                                                                                        • Part of subcall function 69C4CBA5: HeapFree.KERNEL32(00000000,00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000), ref: 69C4CBBB
                                                                                                                                                                                                                                        • Part of subcall function 69C4CBA5: GetLastError.KERNEL32(00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000,00000000), ref: 69C4CBCD
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4FAB0
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4FABB
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4FAC6
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4FAD1
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4FADC
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4FAE7
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4FAF2
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4FAFD
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4FB0B
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                      • Opcode ID: 7110a9e48fe4fd9861265fb5d50f395661b49636f0feaab5c646ac3830da9ad4
                                                                                                                                                                                                                                      • Instruction ID: 67d8e00f68856bc154961c6f625679d32cc3dbc48dd8dc46f9028dd9d64ff89d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7110a9e48fe4fd9861265fb5d50f395661b49636f0feaab5c646ac3830da9ad4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C911B6BA650508BFDF01DF54E880CD93BA5EF44654B01E0A5BE488F271EB32DB589B81
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 58652288ce96af1a62123ad052cae5c46b056abac0944fee417654110ea4e2fe
                                                                                                                                                                                                                                      • Instruction ID: 4193e80e27d434498b7b0a8bd95e6ec8bfe1f03605b831823e96865fc5367804
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 58652288ce96af1a62123ad052cae5c46b056abac0944fee417654110ea4e2fe
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BAC10B74E842499FDF01CFACE840BAD7BB5FF4A324F048158D452AB391E7349961CB65
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C5BB7C: CreateFileW.KERNEL32(00000000,00000000,?,69C5BEE6,?,?,00000000,?,69C5BEE6,00000000,0000000C), ref: 69C5BB99
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 69C5BF51
                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 69C5BF58
                                                                                                                                                                                                                                      • GetFileType.KERNEL32(00000000), ref: 69C5BF64
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 69C5BF6E
                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 69C5BF77
                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69C5BF97
                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 69C5C0E1
                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 69C5C113
                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 69C5C11A
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 4237864984-0
                                                                                                                                                                                                                                      • Opcode ID: 042a36def87d59f97d5e17a9f63c18a03db0e8bfea843ab166aaf4b444cc0dee
                                                                                                                                                                                                                                      • Instruction ID: 02e363a79685bd8be0d015a97dc362615d0298cba5fb34ad88d3b45252221aaf
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 042a36def87d59f97d5e17a9f63c18a03db0e8bfea843ab166aaf4b444cc0dee
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94A14436A141588FDF08CF68E851BAE3FB5EB4A324F144159E812EF3D1E7349922CB56
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1282221369-0
                                                                                                                                                                                                                                      • Opcode ID: d704c7d4f3251b5708e62c412f0976ec02310c6d22c9b93147ba133822eec98d
                                                                                                                                                                                                                                      • Instruction ID: 88e104d9cbe5e61f78fbcec164aecf444a0a773e4e40b92ce37712b932d83304
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d704c7d4f3251b5708e62c412f0976ec02310c6d22c9b93147ba133822eec98d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B2616972A043106FEF11DF69A840AAD7BB4AF02764F00C16DDC56AB281F73286B1D795
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?), ref: 69C401D4
                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?), ref: 69C40268
                                                                                                                                                                                                                                      • ___crtCompareStringEx.LIBCPMT ref: 69C40282
                                                                                                                                                                                                                                      • ___crtCompareStringEx.LIBCPMT ref: 69C402BE
                                                                                                                                                                                                                                      • ___crtCompareStringEx.LIBCPMT ref: 69C40337
                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 69C40352
                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 69C4035F
                                                                                                                                                                                                                                        • Part of subcall function 69C4C844: HeapAlloc.KERNEL32(00000000,0000010C,00000004,?,69C4C8A7,?,00000000,?,69C57B70,0000010C,00000004,?,0000010C,?,?,69C4DB9D), ref: 69C4C876
                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 69C40372
                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 69C4037D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ByteCharCompareMultiStringWide___crt__freea$AllocHeap
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2499053095-0
                                                                                                                                                                                                                                      • Opcode ID: 7196d144264a6780f3b1b18813a7ba7c393ff23315be2c6d6f46e8b90e478e9d
                                                                                                                                                                                                                                      • Instruction ID: 59891d077e45d569f2fccbfb0538cd9a58b3f03d6908df84b824fa925f98205a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7196d144264a6780f3b1b18813a7ba7c393ff23315be2c6d6f46e8b90e478e9d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7351D472B90216ABDF11CFA5EC80D9E7FA9FB69B54B008529E914E6150FB34C950CB90
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000400,00000001,?,00000000,00000000), ref: 69C5F396
                                                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000,00000008,?,00000000), ref: 69C5F3B3
                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,?), ref: 69C5F3CF
                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 69C5F3D5
                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 69C5F3E0
                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,?,?), ref: 69C5F406
                                                                                                                                                                                                                                      • ConvertSidToStringSidW.ADVAPI32(?,?), ref: 69C5F420
                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 69C5F43C
                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69C5F443
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Token$CloseErrorHandleInformationLastOpenProcess$ConvertString
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1608810797-0
                                                                                                                                                                                                                                      • Opcode ID: 40fb57898508f49c6dae011441e10196fcf973624d0b05ee31a9b89965c99345
                                                                                                                                                                                                                                      • Instruction ID: 7378b08205b37df7a82f71e9f9a2f34651e7e6c413490bfd973d983c8bede6cd
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40fb57898508f49c6dae011441e10196fcf973624d0b05ee31a9b89965c99345
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B218E35A40218FFEF019FA6DC89ABE7BBDEF05314F404451F912E2050E7719E62AB61
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 69C3E754
                                                                                                                                                                                                                                      • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000,?), ref: 69C3E798
                                                                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 69C3E7DB
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Directory$FileModuleNameSystemWindows
                                                                                                                                                                                                                                      • String ID: Internet Explorer$Microsoft$ProgramW6432$Quick Launch
                                                                                                                                                                                                                                      • API String ID: 592745672-224070340
                                                                                                                                                                                                                                      • Opcode ID: c060a6734335728c84555876baa61a41167b6dadc8a4446ac1fdecc6d9ba436a
                                                                                                                                                                                                                                      • Instruction ID: 9568d229e6a76ef374b51b542943e724728479dbd88036626e006488d66878fa
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c060a6734335728c84555876baa61a41167b6dadc8a4446ac1fdecc6d9ba436a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F4C1B034268310ABE614DB64EC55FAEB7E8BF81744F90492DF2519B0D0FB71A909CB63
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 69C21E54
                                                                                                                                                                                                                                        • Part of subcall function 69C3FC31: std::invalid_argument::invalid_argument.LIBCONCRT ref: 69C3FC3D
                                                                                                                                                                                                                                        • Part of subcall function 69C3FC31: __CxxThrowException@8.LIBVCRUNTIME ref: 69C3FC4B
                                                                                                                                                                                                                                      • new.LIBCMT ref: 69C21F48
                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,00000004,00000003,00000000,00000004,00000080,00000000), ref: 69C21F81
                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,00000004,00000003,00000000,00000004,00000080,00000000,?,debug.log), ref: 69C22032
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: File$Create$Exception@8ModuleNameThrowstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                      • String ID: \$debug.log$invalid string position
                                                                                                                                                                                                                                      • API String ID: 3749634790-2581654245
                                                                                                                                                                                                                                      • Opcode ID: 357081b807ed9c750bd27df56aef875ac7788d23b681d0279dbacf4876f68b44
                                                                                                                                                                                                                                      • Instruction ID: 573e03dd2243737405e0dbe926cfcd0b20736da0babcdde007835d3a4f83de5c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 357081b807ed9c750bd27df56aef875ac7788d23b681d0279dbacf4876f68b44
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 34510574A003189FDB24DF74EC55BAE77B4BF01718F504619E922AB2D0FB71AA06CB51
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 69C5EF1F
                                                                                                                                                                                                                                      • RegCreateKeyExW.ADVAPI32(80000002,SOFTWARE\Google\No Chrome Offer Until,00000000,00000000,00000000,0002001F,00000000,?,?,00000000), ref: 69C5EF81
                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?,?,00000000), ref: 69C5EFD4
                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000000), ref: 69C5F03D
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • SOFTWARE\Google\No Chrome Offer Until, xrefs: 69C5EF6F
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CloseCreateFileModuleNameQueryValue
                                                                                                                                                                                                                                      • String ID: SOFTWARE\Google\No Chrome Offer Until
                                                                                                                                                                                                                                      • API String ID: 2815806617-1538224596
                                                                                                                                                                                                                                      • Opcode ID: f49bd3686145c2fb2060ff2561dceec454e2c8878d5f4d8753fe62c8b4d3b27e
                                                                                                                                                                                                                                      • Instruction ID: cf39ffc42617b61cd5baf187253e339af1e9b358d25ba3ef52fda5f475b64405
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f49bd3686145c2fb2060ff2561dceec454e2c8878d5f4d8753fe62c8b4d3b27e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 423132B5A40228AFDB20CF11DC49FEAB7BCEB45310F8041AAF60A96141E7715A95CF69
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • SetFilePointerEx.KERNEL32(69C66322,69C66322,0000001C,?,00000000,00000001), ref: 69C66B7A
                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 69C66B93
                                                                                                                                                                                                                                      • SetEndOfFile.KERNEL32(69C66322), ref: 69C66BE1
                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 69C66BFA
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • SetFilePointerEx, xrefs: 69C66BB3
                                                                                                                                                                                                                                      • SetEndOfFile, xrefs: 69C66C1A
                                                                                                                                                                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 69C66BA0, 69C66C07
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorFileLast$Pointer
                                                                                                                                                                                                                                      • String ID: SetEndOfFile$SetFilePointerEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                                                                                                                                                                      • API String ID: 1697706070-3222943609
                                                                                                                                                                                                                                      • Opcode ID: fbdadac08709b80108ec57b0bed737736f7402103d5f8840fa2870fc72b25824
                                                                                                                                                                                                                                      • Instruction ID: 075edeff228beb803e95bf72a4fd6e82f43836f6ae7388983b9a7f3b8f2e20f9
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fbdadac08709b80108ec57b0bed737736f7402103d5f8840fa2870fc72b25824
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7A215735904B08BAEB14CFA0FDD2FAD7768BF01358F809455E6043A0D1FB3255865914
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetCPInfo.KERNEL32(?,?), ref: 69C5DE77
                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 69C5DEFA
                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 69C5DF8D
                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 69C5DFA4
                                                                                                                                                                                                                                        • Part of subcall function 69C4C844: HeapAlloc.KERNEL32(00000000,0000010C,00000004,?,69C4C8A7,?,00000000,?,69C57B70,0000010C,00000004,?,0000010C,?,?,69C4DB9D), ref: 69C4C876
                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 69C5E020
                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 69C5E04B
                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 69C5E057
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$__freea$AllocHeapInfo
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2171645-0
                                                                                                                                                                                                                                      • Opcode ID: 50c4e2176e6e247271a7bc8e13c80de61e99358da63e3ee2f6903d6932b01917
                                                                                                                                                                                                                                      • Instruction ID: 563c7b4d5bd22db1ffdda85bb509174dc049a296ce414183c30a2e5c524bceb6
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 50c4e2176e6e247271a7bc8e13c80de61e99358da63e3ee2f6903d6932b01917
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8B91D271E00316ABDF10CE64E840EEE7BB5AB59794F05862AE812E7181F775D870CB68
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetConsoleCP.KERNEL32(?,?,?,?,?,?,?,?,?,69C497B5,?,?,?,?,?,?), ref: 69C49082
                                                                                                                                                                                                                                      • __fassign.LIBCMT ref: 69C490FD
                                                                                                                                                                                                                                      • __fassign.LIBCMT ref: 69C49118
                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000005,00000000,00000000), ref: 69C4913E
                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000000,69C497B5,00000000,?,?,?,?,?,?,?,?,?,69C497B5,?), ref: 69C4915D
                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000001,69C497B5,00000000,?,?,?,?,?,?,?,?,?,69C497B5,?), ref: 69C49196
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1324828854-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: false$null$true
                                                                                                                                                                                                                                      • API String ID: 0-2913297407
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CoInitializeEx.OLE32(00000000,00000002,?), ref: 69C60349
                                                                                                                                                                                                                                      • CoUninitialize.OLE32(00000001,00000000,?,00000000), ref: 69C6038E
                                                                                                                                                                                                                                      • LaunchGoogleChrome.GCAPI(00000001,00000000,?,00000000), ref: 69C60381
                                                                                                                                                                                                                                        • Part of subcall function 69C5FFEC: CoInitializeEx.OLE32(00000000,00000002), ref: 69C60024
                                                                                                                                                                                                                                        • Part of subcall function 69C5FFEC: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000002,00000000,00000040,00000000), ref: 69C60039
                                                                                                                                                                                                                                        • Part of subcall function 69C5FFEC: GetCurrentProcessId.KERNEL32(?), ref: 69C60064
                                                                                                                                                                                                                                        • Part of subcall function 69C5FFEC: GetShellWindow.USER32 ref: 69C60087
                                                                                                                                                                                                                                        • Part of subcall function 69C5FFEC: GetWindowThreadProcessId.USER32(00000000), ref: 69C6008E
                                                                                                                                                                                                                                        • Part of subcall function 69C5FFEC: LocalFree.KERNEL32(?), ref: 69C600A2
                                                                                                                                                                                                                                        • Part of subcall function 69C5FFEC: CoUninitialize.OLE32 ref: 69C602D1
                                                                                                                                                                                                                                      • CoUninitialize.OLE32(00000001,00000000,?,00000000), ref: 69C603AF
                                                                                                                                                                                                                                      • LaunchGoogleChrome.GCAPI ref: 69C603C9
                                                                                                                                                                                                                                      • EnumWindows.USER32(69C5F056,?), ref: 69C6044C
                                                                                                                                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 69C6046A
                                                                                                                                                                                                                                        • Part of subcall function 69C288E0: new.LIBCMT ref: 69C28900
                                                                                                                                                                                                                                        • Part of subcall function 69C288E0: new.LIBCMT ref: 69C2893C
                                                                                                                                                                                                                                        • Part of subcall function 69C288E0: new.LIBCMT ref: 69C28979
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeUninitialize$ChromeGoogleLaunchProcessWindow$CurrentEnumFreeLocalSecurityShellSleepThreadWindows
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1477501081-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(%LOCALAPPDATA%,00000000,00000000,00000000,?,?,?,?,?,?,?,69C67616,?,69C6FB90,000000FF,69C78A68), ref: 69C6769E
                                                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(%LOCALAPPDATA%,00000000,00000000,?,?,?,?,?,69C67616,?,69C6FB90,000000FF,69C78A68,00000000,Software\Google\Update\ClientState), ref: 69C676C8
                                                                                                                                                                                                                                      • GetTempPathW.KERNEL32(00000000,00000000,?,?,?,?,?,69C67616,?,69C6FB90,000000FF,69C78A68,00000000,Software\Google\Update\ClientState), ref: 69C676E9
                                                                                                                                                                                                                                      • GetTempPathW.KERNEL32(00000001,00000000,?,?,?,?,?,69C67616,?,69C6FB90,000000FF,69C78A68,00000000,Software\Google\Update\ClientState), ref: 69C67718
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: EnvironmentExpandPathStringsTemp
                                                                                                                                                                                                                                      • String ID: %LOCALAPPDATA%$User Data
                                                                                                                                                                                                                                      • API String ID: 442586119-612141592
                                                                                                                                                                                                                                      • Opcode ID: ebd49cc4cbeeb24c22015eafb82e9aa879f58a7ae5f2627a67df2b1a18d8ed12
                                                                                                                                                                                                                                      • Instruction ID: ae01698d984d3ba3de1908d78b05b3d7a12cb5cb1201bea7c0f09ad3e8eef8dd
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ebd49cc4cbeeb24c22015eafb82e9aa879f58a7ae5f2627a67df2b1a18d8ed12
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 003142357002106BDB149A38BDE9E7F77ACEF82B64B10952EE806DB190FF20DC0182B0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetFileVersionInfoSizeW.VERSION(?,?,?,00000000,00000000,?,69C5EF48,?,?,00000208), ref: 69C5F1D9
                                                                                                                                                                                                                                      • GetFileVersionInfoW.VERSION(?,?,00002000,?,?,?,00000208), ref: 69C5F217
                                                                                                                                                                                                                                      • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,00002000,?,?,?,00000208), ref: 69C5F24A
                                                                                                                                                                                                                                      • VerQueryValueW.VERSION(?,?,?,?,\VarFileInfo\Translation,?,?,?,?,00002000,?,?,?,00000208), ref: 69C5F2C1
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • \StringFileInfo\%02X%02X%02X%02X\CompanyName, xrefs: 69C5F286
                                                                                                                                                                                                                                      • \VarFileInfo\Translation, xrefs: 69C5F23E
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileInfoQueryValueVersion$Size
                                                                                                                                                                                                                                      • String ID: \StringFileInfo\%02X%02X%02X%02X\CompanyName$\VarFileInfo\Translation
                                                                                                                                                                                                                                      • API String ID: 2099394744-937506062
                                                                                                                                                                                                                                      • Opcode ID: 1da150b9443c94917f10a65aceffcfed5bc4f0d6300ae5d83629c84da95cbbbb
                                                                                                                                                                                                                                      • Instruction ID: e650abd6ee291f6126e56e65f2ec9c6e3788387ac67083bea4a9679ec3b0b997
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1da150b9443c94917f10a65aceffcfed5bc4f0d6300ae5d83629c84da95cbbbb
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA3186F9A002286BEB24DA55EC41EDF77FCAB44200FD045D6FA25D3142EA309A64DB68
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • EncodePointer.KERNEL32(00000000,00000000,?,?,?,?,?,?,69C7B5AC,19930522,00000000,1FFFFFFF), ref: 69C4334E
                                                                                                                                                                                                                                      • _CallSETranslator.LIBVCRUNTIME ref: 69C43381
                                                                                                                                                                                                                                      • _GetRangeOfTrysToCheck.LIBVCRUNTIME ref: 69C433AA
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CallCheckEncodePointerRangeTranslatorTrys
                                                                                                                                                                                                                                      • String ID: MOC$RCC$U"
                                                                                                                                                                                                                                      • API String ID: 877623402-3732758283
                                                                                                                                                                                                                                      • Opcode ID: e67bbc61ef93d82a854acc5daf3d24b6e12e797a9617a8a47d3ccae3ae15dedc
                                                                                                                                                                                                                                      • Instruction ID: 66d05c86cfe2e0c1addd58ecb57f3ac9479bc6a79e63127256afd1bbad1f08db
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e67bbc61ef93d82a854acc5daf3d24b6e12e797a9617a8a47d3ccae3ae15dedc
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BE416B32600149EFDF02CF40D981EAEBB76FF88B14F259548E91467251E775ED51CBA0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000004,00000080,00000000,?), ref: 69C64149
                                                                                                                                                                                                                                      • LockFileEx.KERNEL32(00000000,00000002,00000000,000000FF,000000FF,?), ref: 69C6417F
                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 69C64198
                                                                                                                                                                                                                                      • new.LIBCMT ref: 69C641D9
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 69C641A5
                                                                                                                                                                                                                                      • LockFileEx, xrefs: 69C641B8
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: File$CreateErrorLastLock
                                                                                                                                                                                                                                      • String ID: LockFileEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                                                                                                                                                                      • API String ID: 3875127904-1259685872
                                                                                                                                                                                                                                      • Opcode ID: 557f46b00c23b8fd46f4f42f50a0d279b0caed766ed07457d56dd0132aac2a5d
                                                                                                                                                                                                                                      • Instruction ID: 61e94eec65d073cb7a9c58d0175f35f4bf54b28b351ac968d82b557cf3d25b51
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 557f46b00c23b8fd46f4f42f50a0d279b0caed766ed07457d56dd0132aac2a5d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D931F535604314BFD720CFB8ECA1B9AB7E8BF05B24F104229F655EB2D1E73099008B90
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Getcvt
                                                                                                                                                                                                                                      • String ID: false$true
                                                                                                                                                                                                                                      • API String ID: 1921796781-2658103896
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 69C273EE
                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 69C2740A
                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 69C2742A
                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 69C27471
                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 69C274AD
                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 69C274B8
                                                                                                                                                                                                                                      • _abort.LIBCMT ref: 69C274C6
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register_abort
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 954195503-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 69C3E58E
                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 69C3E5AA
                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 69C3E5CA
                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 69C3E611
                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 69C3E64D
                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 69C3E658
                                                                                                                                                                                                                                      • _abort.LIBCMT ref: 69C3E666
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register_abort
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 954195503-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 69C274EE
                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 69C2750A
                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 69C2752A
                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 69C27571
                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 69C275AD
                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 69C275B8
                                                                                                                                                                                                                                      • _abort.LIBCMT ref: 69C275C6
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register_abort
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 954195503-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C59FF2: _free.LIBCMT ref: 69C5A01B
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C5A2F9
                                                                                                                                                                                                                                        • Part of subcall function 69C4CBA5: HeapFree.KERNEL32(00000000,00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000), ref: 69C4CBBB
                                                                                                                                                                                                                                        • Part of subcall function 69C4CBA5: GetLastError.KERNEL32(00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000,00000000), ref: 69C4CBCD
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C5A304
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C5A30F
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C5A363
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C5A36E
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C5A379
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C5A384
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                      • Opcode ID: 9f76696241dda59e37702b6c7b8591e1945ed59e411e7bea7a02caf6cd15d4c2
                                                                                                                                                                                                                                      • Instruction ID: bbf3d7dfedac22545cea4b3f27f556526725cf84f13bd6be87c7b585d99802bc
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9f76696241dda59e37702b6c7b8591e1945ed59e411e7bea7a02caf6cd15d4c2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 09117FB5641F14AAEA21EBB0EC45FCBB79C6F00704F80DD54E69B660A0FB25B52AC750
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000001,?,69C4548D,69C40D47,69C4093D,?,69C40B4D,?,00000001,?,?,00000001,?,69C7B430,0000000C,69C40C56), ref: 69C455B4
                                                                                                                                                                                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 69C455C2
                                                                                                                                                                                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 69C455DB
                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,69C40B4D,?,00000001,?,?,00000001,?,69C7B430,0000000C,69C40C56,?,00000001,?), ref: 69C4562D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3852720340-0
                                                                                                                                                                                                                                      • Opcode ID: 59cf13e51ff526468d27c08a2d8bbe3a424531f477bbb9798a3ad586413d8cc7
                                                                                                                                                                                                                                      • Instruction ID: a01de59609c476c16ee87e054c6375e5bd39c4d3a5ad9a271b5587fab8d15f33
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 59cf13e51ff526468d27c08a2d8bbe3a424531f477bbb9798a3ad586413d8cc7
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C01B17670D3E16EEB016AB57D86A9A3B65FB42F78F20122BF824D82D0FF514803D181
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                                                                                                                                      • API String ID: 0-1718035505
                                                                                                                                                                                                                                      • Opcode ID: ae8cf25966f4fe63fed5136ca39f4c12619991e52fbe5d9e13a8a25ca904f668
                                                                                                                                                                                                                                      • Instruction ID: 0c79312a618f57ae909908038f37833b69b63261c39f3af7d2ae323cd401a539
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ae8cf25966f4fe63fed5136ca39f4c12619991e52fbe5d9e13a8a25ca904f668
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 940128712462726FBF101D79BDC459737B86A873653D00D3AE962D7200FB12C006B2A1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 69C46343
                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 69C4635F
                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 69C46376
                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 69C46394
                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 69C463AB
                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 69C463C9
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1992179935-0
                                                                                                                                                                                                                                      • Opcode ID: eb28e984e25da9783835f8272df4ce7e389c0037cec3ff910c796465c90b5c8c
                                                                                                                                                                                                                                      • Instruction ID: 3c2233fe5ca28e1cd76dd2eb7fec6bdb5056ef203f6c13a95d8c46dbc47f5b6e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb28e984e25da9783835f8272df4ce7e389c0037cec3ff910c796465c90b5c8c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F6812775B00F0AABE324CE68EE80B5A73F9EF45B68F10853AE511D7685FB70D9508B50
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,69C487AF,69C487AF,?,?,?,69C54F56,00000001,00000001,FCE85006), ref: 69C54D5F
                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,69C54F56,00000001,00000001,FCE85006,?,?,?), ref: 69C54DE5
                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,FCE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 69C54EDF
                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 69C54EEC
                                                                                                                                                                                                                                        • Part of subcall function 69C4C844: HeapAlloc.KERNEL32(00000000,0000010C,00000004,?,69C4C8A7,?,00000000,?,69C57B70,0000010C,00000004,?,0000010C,?,?,69C4DB9D), ref: 69C4C876
                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 69C54EF5
                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 69C54F1A
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide__freea$AllocHeap
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3147120248-0
                                                                                                                                                                                                                                      • Opcode ID: 08b3318afe663e37608f5d0f93c3b32ce5af2324993c2c16333d374e5497bd85
                                                                                                                                                                                                                                      • Instruction ID: 2438162d4ae11ebb29c57a5215392eea73c896e82142d8fb82f4188ac138e182
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 08b3318afe663e37608f5d0f93c3b32ce5af2324993c2c16333d374e5497bd85
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FC51D072700216AFEB15CF68EC40EABBBA9FB44B94F118629E916D7140FB74DC70C654
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C3C2B0: Sleep.KERNEL32(00000000,?,?,?,69C3C09F,?,00000000,?), ref: 69C3C2F2
                                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(00000000,?,00000000,?), ref: 69C3C0C4
                                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(00000000,?,00000000,000000FF,?,?), ref: 69C3C105
                                                                                                                                                                                                                                        • Part of subcall function 69C2F000: GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 69C2F02B
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireCurrentDirectoryReleaseSleep
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1427338700-0
                                                                                                                                                                                                                                      • Opcode ID: 8812605fd61d380b0429046cbc95bfef119cadb51f99bc702d6bfd073caa177a
                                                                                                                                                                                                                                      • Instruction ID: 48b6265802403f8008e1304614329f8640cad50957aacdb444e4f018d47f4375
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8812605fd61d380b0429046cbc95bfef119cadb51f99bc702d6bfd073caa177a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D251C9356482619BDF24DF65E841FFEB3A8BF85324F80461DE86E97180FB316405CBA2
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000), ref: 69C34EDB
                                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 69C34F0A
                                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000), ref: 69C34F5A
                                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 69C34F91
                                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000), ref: 69C34FCD
                                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 69C3500A
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 17069307-0
                                                                                                                                                                                                                                      • Opcode ID: 6782144d24456dc1596331de066411c1fca5c85defc375e8546d8aebfa77786f
                                                                                                                                                                                                                                      • Instruction ID: dc45d52f45e7b4aa3a93d6ddd949a9d58b39142831fd86a2b39053b47130a1d8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6782144d24456dc1596331de066411c1fca5c85defc375e8546d8aebfa77786f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C241E336E026309BCB04DF68E5407ADBBB8BF8A354F954158D819E7380FF319E018B92
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000008,69C21DE7,69C4EBE2,69C45DC7), ref: 69C4FBB4
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4FBE7
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4FC0F
                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC1C
                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC28
                                                                                                                                                                                                                                      • _abort.LIBCMT ref: 69C4FC2E
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3160817290-0
                                                                                                                                                                                                                                      • Opcode ID: c6a85edba0e490b7328fb3e08c39b0b9d0b621e59c042ef8d8a8245e67565d53
                                                                                                                                                                                                                                      • Instruction ID: 072d32bf25709897d56f51e8c7020afca49a7665610db1b3cba11013ff009d8e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c6a85edba0e490b7328fb3e08c39b0b9d0b621e59c042ef8d8a8245e67565d53
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 34F0C83A7946516FE61256297E09F5E2639EFD3F76F219014FC14E61C0FF218807A122
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: vector<T> too long
                                                                                                                                                                                                                                      • API String ID: 0-3788999226
                                                                                                                                                                                                                                      • Opcode ID: e7ccd7ff7f553f97eba2bbe306dcf2f2ae098c85e84cebe0286907a4e02df015
                                                                                                                                                                                                                                      • Instruction ID: 7e9de5d3b3cfaaa1688ed80ea5eb331feb25d830c893c7e4d2dea64c2e3c7931
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e7ccd7ff7f553f97eba2bbe306dcf2f2ae098c85e84cebe0286907a4e02df015
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 545137366043055FE711CE68AD90F5BB7EAEF88B24F100639F96897290FB71D9048792
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CloseDeleteFileHandle
                                                                                                                                                                                                                                      • String ID: vmodule
                                                                                                                                                                                                                                      • API String ID: 2633145722-2939338212
                                                                                                                                                                                                                                      • Opcode ID: 3f1d7535164b04e2ef3089d1c8060a07107c80bf4179094d1a4514836f63d347
                                                                                                                                                                                                                                      • Instruction ID: 3fc505c6eaa3cc565b15c5b216d492966092c947e2759110465ac79564feb90d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3f1d7535164b04e2ef3089d1c8060a07107c80bf4179094d1a4514836f63d347
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9151EDB46183409FDB08CF24E494B5BBBF5FB86318F00891DE9558B291EB76D846CB92
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(69C6FB90,00000000,00000000,00000004), ref: 69C644B0
                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 69C644CE
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 69C644DB, 69C64561
                                                                                                                                                                                                                                      • GetFileAttributes , xrefs: 69C64507, 69C64592
                                                                                                                                                                                                                                      • : not a directory, xrefs: 69C64571
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: AttributesErrorFileLast
                                                                                                                                                                                                                                      • String ID: : not a directory$GetFileAttributes $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                                                                                                                                                                      • API String ID: 1799206407-2199784763
                                                                                                                                                                                                                                      • Opcode ID: 6c8029aba4113d9cb1c7f765243b1eda2d496bc5529a556dff00ac526bc12a33
                                                                                                                                                                                                                                      • Instruction ID: b7f88992cb00b084392e3fd370e47b60c53ef619d8fa9f6a516ec55b963380fd
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c8029aba4113d9cb1c7f765243b1eda2d496bc5529a556dff00ac526bc12a33
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A23166369503086AEB04DBB4FCA6FBE73ACEF01338F10521AF5156B0D1FF2169858664
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 69C4532B
                                                                                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 69C453A5
                                                                                                                                                                                                                                        • Part of subcall function 69C5E550: __FindPESection.LIBCMT ref: 69C5E5A9
                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 69C45419
                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 69C45444
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CookiesLocalValidate$CurrentFindImageNonwritableSection
                                                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                                                      • API String ID: 1685366865-1018135373
                                                                                                                                                                                                                                      • Opcode ID: d8ea3226ebb7be6f08f00e2cbf387c2e3fa3d42bb4a85f173eaab9ddb0a0324b
                                                                                                                                                                                                                                      • Instruction ID: d65108412929b0159a8029c6546a1f42ba7e90665fc213bc1a036ed3332e934b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d8ea3226ebb7be6f08f00e2cbf387c2e3fa3d42bb4a85f173eaab9ddb0a0324b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8F41C334B00258ABCF00CF59E880A9EBBB5BF45728F50D196E815DB291E771DA02CFE1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(69C6FB90,00000000,?,00000000,00000004), ref: 69C64247
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,00000004), ref: 69C64258
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,00000004), ref: 69C64278
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 69C64285
                                                                                                                                                                                                                                      • CreateDirectory , xrefs: 69C642B1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorLast$CreateDirectory
                                                                                                                                                                                                                                      • String ID: CreateDirectory $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                                                                                                                                                                      • API String ID: 1306683694-1373056967
                                                                                                                                                                                                                                      • Opcode ID: 4ae309d829cf4c6ae26a00ba0fc1e19fd63aa16dc642d95a2784cb1b35702fdc
                                                                                                                                                                                                                                      • Instruction ID: e8d450a2c953a65a3d93ce749aff9a5c525bc501a92872d037b34bdf4f73090a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4ae309d829cf4c6ae26a00ba0fc1e19fd63aa16dc642d95a2784cb1b35702fdc
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 23210435640308AADB04DFA4FCA6FBE73ACEF41324F60911AF415AB0D2FB31A9458675
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,69C49EA0,69C21DE7,?,69C49E40,69C21DE7,69C7B670,0000000C,69C49F88,69C21DE7,00000002), ref: 69C49F0F
                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 69C49F22
                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,69C49EA0,69C21DE7,?,69C49E40,69C21DE7,69C7B670,0000000C,69C49F88,69C21DE7,00000002,00000000), ref: 69C49F45
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                      • Opcode ID: 3f0ecd5c74eae5618913f3795e01e50de16c0dacd72ca5a6118244eccce71246
                                                                                                                                                                                                                                      • Instruction ID: 3d87d0d87905b3ca0ce55d8528c72e67d7a45dcef600f8baf50c6c3c85a693db
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3f0ecd5c74eae5618913f3795e01e50de16c0dacd72ca5a6118244eccce71246
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AAF0C230A14628FFDF019F95DC08BADBFB8EF45B22F4040A5F809A2150EB349941CB96
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • __cftoe.LIBCMT ref: 69C4B757
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4B77D
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4B84F
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4B882
                                                                                                                                                                                                                                        • Part of subcall function 69C4B8F3: HeapAlloc.KERNEL32(00000008,00000000,00000000,?,69C4FCCF,00000001,00000364,?,?,69C46175,00000000,00000000,00000000,00000000,00000000,0000010C), ref: 69C4B934
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4B8B8
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: _free$AllocHeap__cftoe
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 65443942-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C66D68: ReadFile.KERNEL32(00000028,00000000,0000001C,0000001C,00000000,0000001C,00000000,00000000,?,?,69C660D0,0000001C,00000000,00000028), ref: 69C66D8A
                                                                                                                                                                                                                                        • Part of subcall function 69C66D68: GetLastError.KERNEL32(?,?,69C660D0,0000001C,00000000,00000028), ref: 69C66D94
                                                                                                                                                                                                                                        • Part of subcall function 69C66D68: GetLastError.KERNEL32(?,?,69C660D0,0000001C,00000000,00000028), ref: 69C66D9F
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,0000001C,00000000,00000000), ref: 69C665B7
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorLast$FileRead
                                                                                                                                                                                                                                      • String ID: , observed $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io.cc$read$read: expected
                                                                                                                                                                                                                                      • API String ID: 3644057887-3298404683
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C66DDA: WriteFile.KERNEL32(0000001C,000000FF,69C66334,00000000,00000000,?,?,69C6668C,?,0000001C,69C66334,69C66334,000000FF,0000001C), ref: 69C66DF1
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,000000FF,0000001C,00000001), ref: 69C666A2
                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                      • String ID: , observed $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io.cc$write$write: expected
                                                                                                                                                                                                                                      • API String ID: 442123175-2204066763
                                                                                                                                                                                                                                      • Opcode ID: 4b6e522d72fcfbe9fdd9001fd0ad95922c419d9bd9e37025a32aad9f20258b55
                                                                                                                                                                                                                                      • Instruction ID: c09382b090d5002446936005d5c0cdb503b567d7c532e1d0fbd80aaec8dc0ac5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4b6e522d72fcfbe9fdd9001fd0ad95922c419d9bd9e37025a32aad9f20258b55
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5215B395407182AEB24EA64FDA6FAD3759EF01368F509459E9052E0D2FF3299414064
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00000001), ref: 69C629F9
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • microsoft-edge:, xrefs: 69C62991
                                                                                                                                                                                                                                      • Failed to launch Edge for uninstall survey, xrefs: 69C62A16
                                                                                                                                                                                                                                      • c:\b\build\slave\win\build\src\chrome\installer\util\google_chrome_distribution.cc, xrefs: 69C62A03
                                                                                                                                                                                                                                      • <, xrefs: 69C629A4
Memory Dump Source
• Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorLast
                                                                                                                                                                                                                                      • String ID: <$Failed to launch Edge for uninstall survey$c:\b\build\slave\win\build\src\chrome\installer\util\google_chrome_distribution.cc$microsoft-edge:
                                                                                                                                                                                                                                      • API String ID: 1452528299-2957470658
                                                                                                                                                                                                                                      • Opcode ID: fc0a4aeec97170dd8bccd3f5fb9dff71773aba3212cd966dde5d928c18cc55ab
                                                                                                                                                                                                                                      • Instruction ID: c6d646ceb09cfbcd287083bd7f8afc9c9dc7fdeecf11ac667e3ea181e08999fb
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fc0a4aeec97170dd8bccd3f5fb9dff71773aba3212cd966dde5d928c18cc55ab
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1821957494030C9EDB14DFA4ECA1BEEB7B8EB05308F405056D915AA1C1FB755606CB61
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetEnvironmentStringsW.KERNEL32 ref: 69C57757
                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 69C5777A
                                                                                                                                                                                                                                        • Part of subcall function 69C4C844: HeapAlloc.KERNEL32(00000000,0000010C,00000004,?,69C4C8A7,?,00000000,?,69C57B70,0000010C,00000004,?,0000010C,?,?,69C4DB9D), ref: 69C4C876
                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 69C577A0
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C577B3
                                                                                                                                                                                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 69C577C2
Memory Dump Source
• Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ByteCharEnvironmentMultiStringsWide$AllocFreeHeap_free
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2278895681-0
                                                                                                                                                                                                                                      • Opcode ID: 8e4e59301f9f954a71003d92c81e41ade1cea1e40d7acaf1c7f171e7079cc2a5
                                                                                                                                                                                                                                      • Instruction ID: c13b4985163d2c83b96a05e1145d6e6366632531b33a3fac8bae849deecc18e8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8e4e59301f9f954a71003d92c81e41ade1cea1e40d7acaf1c7f171e7079cc2a5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DB01B1766016657B2B12497B7C9CC7B2ABDEAC6AE03008129BD19C2210FA61CC6291B5
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,00000000,00000000,69C460F1,00000000,?,?,69C46175,00000000,00000000,00000000,00000000,00000000,0000010C,69C322CA), ref: 69C4FCA3
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4FCD8
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4FCFF
                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,00000000,0000010C,69C322CA), ref: 69C4FD0C
                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,00000000,0000010C,69C322CA), ref: 69C4FD15
Memory Dump Source
• Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorLast$_free
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3170660625-0
                                                                                                                                                                                                                                      • Opcode ID: 08b746ec88f2cc767dcfd01b37ed8ba42adf5ecd25cd7f6b282c6bbe93331e31
                                                                                                                                                                                                                                      • Instruction ID: f11e7eea43045784bfd1c7baf03ccfc903831d2c7a6b171cd488a2842af861d2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 08b746ec88f2cc767dcfd01b37ed8ba42adf5ecd25cd7f6b282c6bbe93331e31
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F801F93A3846516FE7125D297E44E5F223DAFC3FB97215025FC01A2281FF208806A171
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C59D85
                                                                                                                                                                                                                                        • Part of subcall function 69C4CBA5: HeapFree.KERNEL32(00000000,00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000), ref: 69C4CBBB
                                                                                                                                                                                                                                        • Part of subcall function 69C4CBA5: GetLastError.KERNEL32(00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000,00000000), ref: 69C4CBCD
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C59D97
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C59DA9
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C59DBB
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C59DCD
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                      • Opcode ID: c833178f246cacef0d550a646a94e2bc2f61555b985282c7e38173d6c2afd68e
                                                                                                                                                                                                                                      • Instruction ID: bf0940333f0b2532170e5da799a519e847c78163a957ea9fecb205641815c772
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c833178f246cacef0d550a646a94e2bc2f61555b985282c7e38173d6c2afd68e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 90F096725047545BEF00DB58F081C5773F9FA81B24790C846FC59EB550E731F8A58694
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C5F564: GetVersionExW.KERNEL32(0000011C), ref: 69C5F59E
                                                                                                                                                                                                                                        • Part of subcall function 69C5F711: AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 69C5F744
                                                                                                                                                                                                                                        • Part of subcall function 69C5F711: CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 69C5F759
                                                                                                                                                                                                                                        • Part of subcall function 69C5F711: FreeSid.ADVAPI32(?), ref: 69C5F769
                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000008,?), ref: 69C5F50F
                                                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 69C5F516
                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000012(TokenIntegrityLevel),?,00000004,00000000), ref: 69C5F53A
                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 69C5F547
                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 69C5F553
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Token$CloseHandleProcess$AllocateCheckCurrentFreeInformationInitializeMembershipOpenVersion
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3927590866-0
                                                                                                                                                                                                                                      • Opcode ID: 54f257d3a3368ceb7a5c4342bb50bee0bc4e714fc8276e46f349524861c30a26
                                                                                                                                                                                                                                      • Instruction ID: ed7db9ac26be11ebd30baa199087140f87b114bcb5711b66d83c2d83eb523c76
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 54f257d3a3368ceb7a5c4342bb50bee0bc4e714fc8276e46f349524861c30a26
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F2F019B5900218EFDF04DFE1A909BAD7BBCAF06359F804090AA5696081E7719629FB16
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 69C2F453
                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 69C2F45D
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                      • String ID: invalid string position$string too long
                                                                                                                                                                                                                                      • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                      • Opcode ID: 934aa1f543073766f83cc338f2411068fe56e67913036ae8edbb69202f15ef77
                                                                                                                                                                                                                                      • Instruction ID: 61b8baf3bb81227ca3335b1c4d8168fb133d6810f4e2a3624a13f0f54164463b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 934aa1f543073766f83cc338f2411068fe56e67913036ae8edbb69202f15ef77
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A151AC7160021D9FCB24CF69F8D085EB3A9FF887447604A2EE856CB250FB71E951DBA1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 69C2684A
                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 69C26854
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                      • String ID: invalid string position$string too long
                                                                                                                                                                                                                                      • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                      • Opcode ID: 88ca931c0d353afd6c3bcd1fc43686e60308509325d1c492f5dbffbf18fc9975
                                                                                                                                                                                                                                      • Instruction ID: 5c5fe0ad0c539e4f52a7caa0980522d76e9a03004aae3fbf4b127834e051f1e1
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 88ca931c0d353afd6c3bcd1fc43686e60308509325d1c492f5dbffbf18fc9975
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C351D0367047149FD724CE6CF99095AB7E9FF947687104A2FE495CB250EB31E84087B1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 69C2793F
                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 69C27949
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                      • String ID: invalid string position$string too long
                                                                                                                                                                                                                                      • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                      • Opcode ID: 2e24a158de6120b47befaffccdb227417539d0c12729c52d986d9cecd8e4777f
                                                                                                                                                                                                                                      • Instruction ID: bc01b12c92098c2dfd23724675cfbceca225e8d3d353a0ba2f16286a08ca7ecf
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e24a158de6120b47befaffccdb227417539d0c12729c52d986d9cecd8e4777f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D951D132B002149FD724CE1CF8C0A5EB7A6FF91744B604A2AE5A5DB681F731F850DBA1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,C:\ProgramData\WinNet\AnyDesk.exe,00000104), ref: 69C4D387
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4D452
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4D45C
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: _free$FileModuleName
                                                                                                                                                                                                                                      • String ID: C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                      • API String ID: 2506810119-3295360309
                                                                                                                                                                                                                                      • Opcode ID: a437fc903e06646d58fd2a747e65bcd99371aa188e788aa49301f5e2baa2c5d5
                                                                                                                                                                                                                                      • Instruction ID: 4204d4a3b3922af1b5a02776b8c6c9303fb100e66ee71066e3e979fc64a3f5a5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a437fc903e06646d58fd2a747e65bcd99371aa188e788aa49301f5e2baa2c5d5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A318475B00658EFDB11EF99A980D9EBBFCEF85B14F109067E90497210E770AA41CBA1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 69C26A09
                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 69C26A13
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                      • String ID: invalid string position$string too long
                                                                                                                                                                                                                                      • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                      • Opcode ID: 35d1c9ec29735bdf79bd5aa469609318a87ea68aac3edde3b2fb76fe2b7b746d
                                                                                                                                                                                                                                      • Instruction ID: d4bba0d876c074bc56d01e44c4e995e3150304278bffe725f3ea2fffeee81e02
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 35d1c9ec29735bdf79bd5aa469609318a87ea68aac3edde3b2fb76fe2b7b746d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0E31C731304A149FD720DF5CF980A5EB7A9FBD1654B208A2FE591CB281EB71E84087B1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • new.LIBCMT ref: 69C21F48
                                                                                                                                                                                                                                        • Part of subcall function 69C21E30: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 69C21E54
                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,00000004,00000003,00000000,00000004,00000080,00000000), ref: 69C21F81
                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,00000004,00000003,00000000,00000004,00000080,00000000,?,debug.log), ref: 69C22032
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: File$Create$ModuleName
                                                                                                                                                                                                                                      • String ID: debug.log
                                                                                                                                                                                                                                      • API String ID: 253491666-600467936
                                                                                                                                                                                                                                      • Opcode ID: 966b0ca99fd6fc329b00ebd1bd4be4e1cb19aac0ce830fdc2ca2ab1e66ab7bfc
                                                                                                                                                                                                                                      • Instruction ID: c283b848fcf895a94a001e33dff8df5103c3f0ef5c7699549c8088b7ab58e0be
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 966b0ca99fd6fc329b00ebd1bd4be4e1cb19aac0ce830fdc2ca2ab1e66ab7bfc
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C341A2B0A10204AFDF04DFA4EC95B6E77B5BB05714F608219E911AB2E0EB759506CB51
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 69C2501A
                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 69C25024
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                      • String ID: invalid string position$string too long
                                                                                                                                                                                                                                      • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                      • Opcode ID: 4bb33e8f92131215e140b279356e643ccca0c4ae7f2480547ce595bf17f9e54c
                                                                                                                                                                                                                                      • Instruction ID: 4bae741cdcd4619dc71fde3e3be55d64476f595c013875d6236808ef9820330d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4bb33e8f92131215e140b279356e643ccca0c4ae7f2480547ce595bf17f9e54c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F31DD323002509FE724CE6CFC80E5EB7A9FFD5761B604A2EE552CB681E371D84087A2
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • DeleteFile , xrefs: 69C643C1
                                                                                                                                                                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 69C64392
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DeleteErrorFileLast
                                                                                                                                                                                                                                      • String ID: DeleteFile $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                                                                                                                                                                      • API String ID: 2018770650-2174402464
                                                                                                                                                                                                                                      • Opcode ID: 1d0a7c1996e12958f8da5b2cd6dd7913755a6a57a2153ac9c325659cb9402e2c
                                                                                                                                                                                                                                      • Instruction ID: 4d4f1e228a18f73d3f5d129f77c88323dca11adf859e541954b845cdeaf10f59
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d0a7c1996e12958f8da5b2cd6dd7913755a6a57a2153ac9c325659cb9402e2c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B316076E00209AADB14DFA4FCE5FAEB7B8EF14314F10902AF511A7190FB359A45CA50
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C6674E: CloseHandle.KERNEL32(000000FF,?,00000000), ref: 69C66761
                                                                                                                                                                                                                                        • Part of subcall function 69C6674E: GetLastError.KERNEL32(?,00000000), ref: 69C6677A
                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 69C64612
                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 69C64631
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • DeleteFile , xrefs: 69C6466F
                                                                                                                                                                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 69C6463D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorLast$CloseDeleteFileHandle
                                                                                                                                                                                                                                      • String ID: DeleteFile $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                                                                                                                                                                      • API String ID: 1758595503-2174402464
                                                                                                                                                                                                                                      • Opcode ID: ac7a23dda1fd5f7e629b8eb5c3cf851c28acc8a43af87614f4813d5db190ab42
                                                                                                                                                                                                                                      • Instruction ID: 2614360b5659a8ac2601cd0a962ce0acb417e0eac7217faee118f8bf586f68db
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ac7a23dda1fd5f7e629b8eb5c3cf851c28acc8a43af87614f4813d5db190ab42
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB21DE36A40208AEDB14DBA5FCA6FAE77BCEF44324F10506AE401AB1D0FB35A905C665
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • __vwprintf_l.LIBCMT ref: 69C66A12
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00000000,00000000), ref: 69C66A2F
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • CreateFile , xrefs: 69C66A6A
                                                                                                                                                                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 69C66A3C
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorLast__vwprintf_l
                                                                                                                                                                                                                                      • String ID: CreateFile $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                                                                                                                                                                      • API String ID: 3407089876-2132845161
                                                                                                                                                                                                                                      • Opcode ID: 5a5a9b2e9fd42225ac42d342a37bb11b3e412aa06e07a9fb6e21afad6771789d
                                                                                                                                                                                                                                      • Instruction ID: 538f46e2b2b55a85a81429dd15b482daab7cb2373d9e7687f78213a6a107049d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5a5a9b2e9fd42225ac42d342a37bb11b3e412aa06e07a9fb6e21afad6771789d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2511E739A50308AEEB14DFB4FC92FAE77A8EF04324F50911AF915AB1D1FB315E048664
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • __vwprintf_l.LIBCMT ref: 69C66946
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,0000001C,0000001C,00000000), ref: 69C66963
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • CreateFile , xrefs: 69C6699E
                                                                                                                                                                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 69C66970
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorLast__vwprintf_l
                                                                                                                                                                                                                                      • String ID: CreateFile $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                                                                                                                                                                      • API String ID: 3407089876-2132845161
                                                                                                                                                                                                                                      • Opcode ID: 4208a639f5f521797050c3503436803534c7ae48285ab3c38fb45ce2d41c79e3
                                                                                                                                                                                                                                      • Instruction ID: 2454c4a8bceff9a339ec367394382f100c91da199f3eaeff5ef91b83aef5c2bb
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4208a639f5f521797050c3503436803534c7ae48285ab3c38fb45ce2d41c79e3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 02110A75A103086FEB14DBB4FD92FAE73A8EF05324F50511AF9146B1D1FB315E048664
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • UnlockFileEx.KERNEL32(?,00000000,?,?,?), ref: 69C63E55
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,?,?,?), ref: 69C63E6E
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 69C63E7B
                                                                                                                                                                                                                                      • UnlockFileEx, xrefs: 69C63E8E
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorFileLastUnlock
                                                                                                                                                                                                                                      • String ID: UnlockFileEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                                                                                                                                                                      • API String ID: 3655728120-672186346
                                                                                                                                                                                                                                      • Opcode ID: bb38b5cbb400c70aa2fc00393ac5f20d125b92e135f67c0319f2f452aa9b071e
                                                                                                                                                                                                                                      • Instruction ID: c418c01ff08cc7fd68fca5c1eae0a1132af484a848b8a2eaf2e5e2bcd72b28fb
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bb38b5cbb400c70aa2fc00393ac5f20d125b92e135f67c0319f2f452aa9b071e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD11233A4007097EE724DEB4FC91BABB3B8EF41358F10486EE295A60E1FB3119058660
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

APIs
• LockFileEx.KERNEL32(00000000,00000000,00000000,000000FF,000000FF,?,0000001C,0000001C,00000000), ref: 69C667FA
• GetLastError.KERNEL32 ref: 69C66810
Strings
• LockFileEx, xrefs: 69C6682F
• c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 69C6681C
Memory Dump Source
• Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
Similarity
• API ID: ErrorFileLastLock
• String ID: LockFileEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
• API String ID: 1811722133-1010764315
• Opcode ID: 532a908ab02b7f829b7045b73b04902672151b46b63790ea442a420c2aa2e713
• Instruction ID: 66dc220c673591c6a3ffd37b610cb4fc699e96146c572a322941f1abdbff68e6
• Opcode Fuzzy Hash: 532a908ab02b7f829b7045b73b04902672151b46b63790ea442a420c2aa2e713
• Instruction Fuzzy Hash: 5A0149755046183AEB10DEB4EC91BEB776CEF09378F40016AE618A60D1EA32594686A1
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 69C66AEE
• GetLastError.KERNEL32 ref: 69C66B07
Strings
• SetFilePointerEx, xrefs: 69C66B26
• c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 69C66B13
Memory Dump Source
• Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
Similarity
• API ID: ErrorFileLastPointer
• String ID: SetFilePointerEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
• API String ID: 2976181284-399997206
• Opcode ID: c02b057b7287d9c1509e96c2b9d9077398f489d70767d37b2f1c3c6f9c6203c0
• Instruction ID: ca9a3db05fb6977b6c2fd31d72ae09ed0ad046a1657198b8b4fef19c7a7e9cdc
• Opcode Fuzzy Hash: c02b057b7287d9c1509e96c2b9d9077398f489d70767d37b2f1c3c6f9c6203c0
• Instruction Fuzzy Hash: 73112636600605ABEB14CE68FED2FAE7769FB40364F408169F616971D2FB319A019A50
Uniqueness

Uniqueness Score: -1.00%

APIs
• CanOfferRelaunch.GCAPI(?,?,?,?), ref: 69C6052C
  • Part of subcall function 69C33FC0: RegCreateKeyExW.ADVAPI32(00000202,?,00000000,00000000,00000000,?,00000000,?), ref: 69C33FFA
  • Part of subcall function 69C33FC0: RegCloseKey.ADVAPI32 ref: 69C3400D
  • Part of subcall function 69C343A0: RegSetValueExW.ADVAPI32(00000000,?,00000000,00000001,?,?), ref: 69C343E1
  • Part of subcall function 69C5F147: GetLocalTime.KERNEL32(?), ref: 69C5F15F
  • Part of subcall function 69C34370: RegSetValueExW.ADVAPI32(?,00000202,00000000,00000004,00000004), ref: 69C34390
Strings
• Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}, xrefs: 69C60542
• RelaunchAllowedAfter, xrefs: 69C60575
• RelaunchBrandcode, xrefs: 69C6055E
Memory Dump Source
• Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
Similarity
• API ID: Value$CloseCreateLocalOfferRelaunchTime
• String ID: RelaunchAllowedAfter$RelaunchBrandcode$Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
• API String ID: 4093175577-67220017
• Opcode ID: 62e0562e9692aec76acc19c365556e2b2081f88f3c6053f55842ad4f35246786
• Instruction ID: d6c20c803799bf6d8eafdb0c813b341160da7da24d6d1763baef42476a1005dc
• Opcode Fuzzy Hash: 62e0562e9692aec76acc19c365556e2b2081f88f3c6053f55842ad4f35246786
• Instruction Fuzzy Hash: F9116D3590022A6BDB14EEA5FD41ADF7B38AF08354F808465AE11B60A1FB71A920DBD5
Uniqueness

Uniqueness Score: -1.00%

APIs
• UnlockFileEx.KERNEL32(000000FF,00000000,000000FF,000000FF,?,00000000,00000000), ref: 69C66C5B
• GetLastError.KERNEL32 ref: 69C66C72
Strings
• c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 69C66C7F
• UnlockFileEx, xrefs: 69C66C92
Memory Dump Source
• Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
Similarity
• API ID: ErrorFileLastUnlock
• String ID: UnlockFileEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
• API String ID: 3655728120-168028389
• Opcode ID: dfbc3594481478d1ce3938b7970902673b1d595d46e31bc71c6e983b883860f9
• Instruction ID: 74e0969be31cb624634b55c0ce411f6a63e955894ee2d72ab48df1087653ce55
• Opcode Fuzzy Hash: dfbc3594481478d1ce3938b7970902673b1d595d46e31bc71c6e983b883860f9
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A4017B35904B043AEB00CFB4FD92FAEB37CEB45364F500226E624B60E1FB321D064461
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1036877536-0
                                                                                                                                                                                                                                      • Opcode ID: 08bbd95e0c94314e88f8ac9cb1697bb445864f1c51da791db5baa43eeec002dc
                                                                                                                                                                                                                                      • Instruction ID: da80031735801edf8f3708a9817cbba13b8c605573b6d007ab3c0578f42b900d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 08bbd95e0c94314e88f8ac9cb1697bb445864f1c51da791db5baa43eeec002dc
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 09A18932A043869FE711CF18E8917AEBBE1FF51358F14826DD48ADB281E37489B1C758
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C34CA0: AcquireSRWLockExclusive.KERNEL32(00000000,00000001,0000000F), ref: 69C34CBC
                                                                                                                                                                                                                                        • Part of subcall function 69C34CA0: ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 69C34D21
                                                                                                                                                                                                                                        • Part of subcall function 69C34E80: AcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000), ref: 69C34EDB
                                                                                                                                                                                                                                        • Part of subcall function 69C34E80: ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 69C34F0A
                                                                                                                                                                                                                                        • Part of subcall function 69C34E80: AcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000), ref: 69C34FCD
                                                                                                                                                                                                                                        • Part of subcall function 69C34E80: ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 69C3500A
                                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(00000000), ref: 69C35BFA
                                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 69C35C1E
                                                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(00000000), ref: 69C35C47
                                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 69C35C6B
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 17069307-0
                                                                                                                                                                                                                                      • Opcode ID: 30698d9ed052925614070b01d3ad27930918cc672cca2bf69f2f7105bdf2c445
                                                                                                                                                                                                                                      • Instruction ID: a21644a8bf8762770113d4e593ccbcbcfe62b5f98ff424adbd1c50a23299a0ca
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 30698d9ed052925614070b01d3ad27930918cc672cca2bf69f2f7105bdf2c445
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94B15074E00669DBCB04CF68E5D07AEB7B5BF89348F948169D809E7380FB359942CB91
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • OutputDebugStringA.KERNEL32(?), ref: 69C22481
                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,?,00000000), ref: 69C224FF
                                                                                                                                                                                                                                      • SetLastError.KERNEL32(?,?,00000000), ref: 69C225AF
                                                                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 69C225C6
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DebugErrorFileIos_base_dtorLastOutputStringWritestd::ios_base::_
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3426912829-0
                                                                                                                                                                                                                                      • Opcode ID: ce7fe796dddad8bd3d08f5b1f0f216fb2c4921091a64d85ec6a9a46b4438042f
                                                                                                                                                                                                                                      • Instruction ID: 06934a46bd91d4729561a191e71c88f625d240b8d3588c2d6d591802e76392aa
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ce7fe796dddad8bd3d08f5b1f0f216fb2c4921091a64d85ec6a9a46b4438042f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA51E1B56043509FDB04CF54E855AAAB7F8FF89308F40482CF99697191E730E60ACBA3
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                      • Opcode ID: fdf2d6fff5601896827650a7694e601a39b60bd8cd467cecd34269db04ce6001
                                                                                                                                                                                                                                      • Instruction ID: e89ff6e74e40f4068ed9d8b6ff91b65af18bc6960847cfa2c33b86a70cd3cb54
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fdf2d6fff5601896827650a7694e601a39b60bd8cd467cecd34269db04ce6001
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 28411735A003046BE7119FB9AC40BAE3BB9FF42774F108666F41BD61D0FBB44871466A
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,08A8C445,00000008,00000000,00000000,69C300E9,00000000,-00000018,?,00000001,00000008,08A8C445,00000001,69C300E9,00000001), ref: 69C54C35
                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 69C54CBE
                                                                                                                                                                                                                                      • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 69C54CD0
                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 69C54CD9
                                                                                                                                                                                                                                        • Part of subcall function 69C4C844: HeapAlloc.KERNEL32(00000000,0000010C,00000004,?,69C4C8A7,?,00000000,?,69C57B70,0000010C,00000004,?,0000010C,?,?,69C4DB9D), ref: 69C4C876
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$AllocHeapStringType__freea
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 573072132-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?,00000001,?,?,?,?,?,?,?,69C60690), ref: 69C32F5B
                                                                                                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,69C60690), ref: 69C32F6F
                                                                                                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(?,00000001,00000001,?,?,?,?,?,?,?,69C60690), ref: 69C32F83
                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 69C32FBD
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Time$System$File$LocalSpecificUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1393065386-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(00000000,00000000,00000000), ref: 69C41409
                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 69C41418
                                                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 69C41421
                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 69C4142E
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2933794660-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,69C4EE62,00000000,00000000,00000000,00000000,?,69C4F12C,00000006,FlsSetValue), ref: 69C4EEED
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,69C4EE62,00000000,00000000,00000000,00000000,?,69C4F12C,00000006,FlsSetValue,69C6F920,69C6F928,00000000,00000364,?,69C4FCEC), ref: 69C4EEF9
                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,69C4EE62,00000000,00000000,00000000,00000000,?,69C4F12C,00000006,FlsSetValue,69C6F920,69C6F928,00000000), ref: 69C4EF07
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3177248105-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • ReadFile.KERNEL32(00000028,00000000,0000001C,0000001C,00000000,0000001C,00000000,00000000,?,?,69C660D0,0000001C,00000000,00000028), ref: 69C66D8A
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,69C660D0,0000001C,00000000,00000028), ref: 69C66D94
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,69C660D0,0000001C,00000000,00000028), ref: 69C66D9F
                                                                                                                                                                                                                                      • GetFileType.KERNEL32(00000028,?,?,69C660D0,0000001C,00000000,00000028), ref: 69C66DBB
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorFileLast$ReadType
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2855922492-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 19b66c6cea623c4ce6e82e1a1a5c1cb39f330c3bcc8957baa14ce12d8e58302c
                                                                                                                                                                                                                                      • Instruction ID: 51e46a715bef9aa086c2c147c4bcc6886b9af60cf2f36e486e41bff98c167f8b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 19b66c6cea623c4ce6e82e1a1a5c1cb39f330c3bcc8957baa14ce12d8e58302c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ACF0977EB0420402E304CBB4B711A1F32A88E347A8B20833BE417C2184FB64F59186A7
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e9497407c361fa0e5cdba83c1c808aa0bd6f632a9449a5baa6c9db17d36afeda
                                                                                                                                                                                                                                      • Instruction ID: 5bad4d476eeeafef2da6d35e21357279413431950453ff6a640d3b4592814c2b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e9497407c361fa0e5cdba83c1c808aa0bd6f632a9449a5baa6c9db17d36afeda
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7F09E79B0461003DF04DBB07731A1E32744E20768B80C33AE416C2581F720F653C2D7
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: fae71b4869ae569bafac289f6a09a1d21ff0609c13e63d45931af16e1a68b08f
                                                                                                                                                                                                                                      • Instruction ID: 27aa2fdb8aa64555abfa908e22baaf093d5c4d2f5ed1c2db6a4b746ace57c336
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fae71b4869ae569bafac289f6a09a1d21ff0609c13e63d45931af16e1a68b08f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7F09EBB70061042A304C7747751A1E32B84E90798B90C239EC1AC6548F720E690869B
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF,?,00000000), ref: 69C66761
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000), ref: 69C6677A
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • CloseHandle, xrefs: 69C6679A
                                                                                                                                                                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 69C66787
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                      • String ID: CloseHandle$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                                                                                                                                                                      • API String ID: 918212764-2138661059
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C4DDC4: _free.LIBCMT ref: 69C4DDF9
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4DD7A
                                                                                                                                                                                                                                        • Part of subcall function 69C4CBA5: HeapFree.KERNEL32(00000000,00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000), ref: 69C4CBBB
                                                                                                                                                                                                                                        • Part of subcall function 69C4CBA5: GetLastError.KERNEL32(00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000,00000000), ref: 69C4CBCD
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4DD8D
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4DD9E
                                                                                                                                                                                                                                      • _free.LIBCMT ref: 69C4DDAF
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 69C24BF6
                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 69C24C00
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                      • String ID: string too long
                                                                                                                                                                                                                                      • API String ID: 909987262-2556327735
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • __startOneArgErrorHandling.LIBCMT ref: 69C4CA2D
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorHandling__start
                                                                                                                                                                                                                                      • String ID: pow
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: invalid string position$string too long
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: invalid string position$string too long
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GoogleChromeDaysSinceLastRun.GCAPI ref: 69C5FDBB
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}, xrefs: 69C5FDDE
                                                                                                                                                                                                                                      • RelaunchAllowedAfter, xrefs: 69C5FDF8
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ChromeDaysGoogleLastSince
                                                                                                                                                                                                                                      • String ID: RelaunchAllowedAfter$Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: dmp$reports
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 69C24E2C
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                      • String ID: invalid string position$string too long
                                                                                                                                                                                                                                      • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 69C24A86
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                      • String ID: invalid string position$string too long
                                                                                                                                                                                                                                      • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 69C30B4C
                                                                                                                                                                                                                                        • Part of subcall function 69C3FC11: std::invalid_argument::invalid_argument.LIBCONCRT ref: 69C3FC1D
                                                                                                                                                                                                                                        • Part of subcall function 69C3FC11: __CxxThrowException@8.LIBVCRUNTIME ref: 69C3FC2B
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Exception@8ThrowXinvalid_argumentstd::_std::invalid_argument::invalid_argument
                                                                                                                                                                                                                                      • String ID: ,$vector<T> too long
                                                                                                                                                                                                                                      • API String ID: 1419379543-2403322092
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 69C2A70A
                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 69C2A714
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                      • String ID: string too long
                                                                                                                                                                                                                                      • API String ID: 909987262-2556327735
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000104), ref: 69C5F0B2
                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,?,?,?,?,?,?), ref: 69C5F105
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ClassNameWindow
                                                                                                                                                                                                                                      • String ID: Chrome_WidgetWin_
                                                                                                                                                                                                                                      • API String ID: 697123166-524248775
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(69C78238,00000000,00000001,69C76804,00000000,00000000,?,00000000,00000000), ref: 69C6136D
                                                                                                                                                                                                                                        • Part of subcall function 69C3C8D0: SysAllocString.OLEAUT32(?), ref: 69C3C8D9
                                                                                                                                                                                                                                        • Part of subcall function 69C3C8F0: SysFreeString.OLEAUT32(?), ref: 69C3C8F2
                                                                                                                                                                                                                                      • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 69C613BE
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: String$AllocBlanketCreateFreeInstanceProxy
                                                                                                                                                                                                                                      • String ID: ROOT\CIMV2
                                                                                                                                                                                                                                      • API String ID: 2036101689-2786109267
                                                                                                                                                                                                                                      • Opcode ID: 79fb3796c0e8e34a012a134e614779d941dabcdf24ce64032f901be00e31c2ee
                                                                                                                                                                                                                                      • Instruction ID: 1263be1ed96f83df26bbad6cfd9125fc899d39459411e52105c0ac8ad6bd3bfa
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 79fb3796c0e8e34a012a134e614779d941dabcdf24ce64032f901be00e31c2ee
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DF215B74A40208BFDB10CFA5D8D0EAEBB7CFF49749F1081ADA906AB250E6719E41DB51
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                      • String ID: list<T> too long
                                                                                                                                                                                                                                      • API String ID: 909987262-4027344264
                                                                                                                                                                                                                                      • Opcode ID: 50a58e752218330cb23fbdf43fe452ed953a28ecd89f1439005cae73d1bfd278
                                                                                                                                                                                                                                      • Instruction ID: 1f2ee8c7644ecd2ff6342e72f239f4ce3497112d5b0c4c344368fc547eb6f6d1
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 50a58e752218330cb23fbdf43fe452ed953a28ecd89f1439005cae73d1bfd278
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F8119E76A002299BCB10CF98E580989F7F5FF89710B55C6A9DD08AB304E731ED06CBD2
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                      • String ID: list<T> too long
                                                                                                                                                                                                                                      • API String ID: 909987262-4027344264
                                                                                                                                                                                                                                      • Opcode ID: bd8a004608eff1c11782bb6d2246df29cf2b9524051b6122c3095449c6f14184
                                                                                                                                                                                                                                      • Instruction ID: 1d64ee51f23d33d3f9e3f39fe9862b2361a288447e0783d1854d3fb0a1301855
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bd8a004608eff1c11782bb6d2246df29cf2b9524051b6122c3095449c6f14184
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 46118CBAA01225DFCB14CF68E580A4AB7E8FF49704B5485A9ED08DB301E371ED41CBD0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 69C2A64E
                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 69C2A658
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                      • String ID: string too long
                                                                                                                                                                                                                                      • API String ID: 909987262-2556327735
                                                                                                                                                                                                                                      • Opcode ID: 7def1b04ac0174b99c3f24078333fbb29c8fa97dcca5334702dcd1fba0f07066
                                                                                                                                                                                                                                      • Instruction ID: 091c7b2af80e1293eb70286dc1631fbcf5f406f6ea72f18b4f40f02420ad541d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7def1b04ac0174b99c3f24078333fbb29c8fa97dcca5334702dcd1fba0f07066
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F01102323087105A86309EACF84091EB7E9FFE0B71B110A3FE696C7690FB31E41487A5
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 69C3D184
                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 69C3D195
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                      • String ID: kernel32.dll
                                                                                                                                                                                                                                      • API String ID: 1646373207-1793498882
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • UuidCreate.RPCRT4(?), ref: 69C66431
                                                                                                                                                                                                                                        • Part of subcall function 69C22340: GetLastError.KERNEL32(?,00000000), ref: 69C223D6
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • UuidCreate, xrefs: 69C6645F
                                                                                                                                                                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\misc\uuid.cc, xrefs: 69C6644B
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CreateErrorLastUuid
                                                                                                                                                                                                                                      • String ID: UuidCreate$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\misc\uuid.cc
                                                                                                                                                                                                                                      • API String ID: 3740028514-535133227
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 69C24E2C
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                      • String ID: invalid string position$string too long
                                                                                                                                                                                                                                      • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 69C62CC2: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,69C6747F,?,?,?,69C2133F), ref: 69C62CC7
                                                                                                                                                                                                                                        • Part of subcall function 69C62CC2: GetLastError.KERNEL32(?,69C6747F,?,?,?,69C2133F), ref: 69C62CD1
                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,69C2133F), ref: 69C67483
                                                                                                                                                                                                                                      • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,69C2133F), ref: 69C67492
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 69C6748D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                                                                                                                                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                      • API String ID: 450123788-631824599
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • std::invalid_argument::invalid_argument.LIBCONCRT ref: 69C3FC3D
                                                                                                                                                                                                                                        • Part of subcall function 69C3FBB2: std::exception::exception.LIBCONCRT ref: 69C3FBBF
                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 69C3FC4B
                                                                                                                                                                                                                                        • Part of subcall function 69C42BD6: RaiseException.KERNEL32(?,?,?,69C413B7,00000000,00000000,00000000,?,?,?,?,?,69C413B7,?,69C7B2E0), ref: 69C42C35
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ExceptionException@8RaiseThrowstd::exception::exceptionstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                      • String ID: Unknown exception
                                                                                                                                                                                                                                      • API String ID: 1586462112-410509341
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,?), ref: 69C54407
                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 69C54415
                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 69C54470
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000013.00000002.3486262426.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486235137.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486811452.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486843712.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486872490.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      • Associated: 00000013.00000002.3486900745.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1717984340-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                      Execution Coverage:17.9%
                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                                                                                                      Total number of Nodes:188
                                                                                                                                                                                                                                      Total number of Limit Nodes:16

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2070494348.0000000007BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BF0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_7bf0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: k%
                                                                                                                                                                                                                                      • API String ID: 0-691860151
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2070568861.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_7c00000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                                                                      • API String ID: 0-2449488485
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2070568861.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_7c00000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                                                                      • API String ID: 0-2392861976
                                                                                                                                                                                                                                      • Opcode ID: 912c1722e49976abdf64387abcb77cd3fe6122dba04e0389fa08d04fc3aad4c4
                                                                                                                                                                                                                                      • Instruction ID: 0007a8bf5f2a1e72ce6d62f3bdd60a96ace481cba6e7dc5a2a50f5c5e36cd080
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 912c1722e49976abdf64387abcb77cd3fe6122dba04e0389fa08d04fc3aad4c4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6BC1F1B07006099FDB189B69C894A2EB7E6FF89704F148469E5028B3E2CF79DD4687D1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 015BD136
                                                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 015BD173
                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 015BD1B0
                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 015BD209
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2055466417.00000000015B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015B0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_15b0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Current$ProcessThread
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2063062207-0
                                                                                                                                                                                                                                      • Opcode ID: 4a1f5cad0be465eb3904607a0321543746090aecebaaed497a86148d4cc27775
                                                                                                                                                                                                                                      • Instruction ID: a2d7080360097471712d46b877b1f670c4413bef8336c3b24cfc5263849b8998
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4a1f5cad0be465eb3904607a0321543746090aecebaaed497a86148d4cc27775
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 025138B0D012498FDB14DFA9D548BDEBFF1FB88314F208869E459AB3A0DB345944CB65
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 015BD136
                                                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 015BD173
                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 015BD1B0
                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 015BD209
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2055466417.00000000015B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015B0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_15b0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Current$ProcessThread
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2063062207-0
                                                                                                                                                                                                                                      • Opcode ID: 1222bb9b7887077a943767786fad76469b90377abe5c2a9568cac9486ede8f54
                                                                                                                                                                                                                                      • Instruction ID: 3fea34170c78f368e9fd14d104bd967215097a89db42d562fff959c6ad5b3e89
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1222bb9b7887077a943767786fad76469b90377abe5c2a9568cac9486ede8f54
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 955127B0D016498FDB14DFA9D548BDEBBF1BB88314F208859E419AB3A0DB349984CF65
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 015BB086
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2055466417.00000000015B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015B0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_15b0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: HandleModule
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 4139908857-0
                                                                                                                                                                                                                                      • Opcode ID: 60c8ba9bd4a0f48abf90b64be22c32ee996c17d6974403d16e40be5605574ab7
                                                                                                                                                                                                                                      • Instruction ID: fed77ccc4dd78ef239d2c273dc9ddd069cc6e788a6ae6f2e90769b22fa03c7e0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 60c8ba9bd4a0f48abf90b64be22c32ee996c17d6974403d16e40be5605574ab7
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F7137B0A00B458FD724DF29D58479ABBF1FF88304F10892DE59ADBA50D775E849CB90
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2070568861.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_7c00000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: jPj
                                                                                                                                                                                                                                      • API String ID: 0-2042862226
                                                                                                                                                                                                                                      • Opcode ID: 8a8055d1706db09d4a2cd54b8569d97a0fa9944fadccec0058c10859016efedd
                                                                                                                                                                                                                                      • Instruction ID: 8f7658d14ccf286e3f1bc48bab987cdc30bbc437e59e06be2cbac584278fca77
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8a8055d1706db09d4a2cd54b8569d97a0fa9944fadccec0058c10859016efedd
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6AE17C707403149FCB149F68C895B297BE6FB8A704F119469E6029B3E1CFBADC858BD1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • KiUserExceptionDispatcher.NTDLL ref: 079B3628
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2069218530.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_79b0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 6842923-0
                                                                                                                                                                                                                                      • Opcode ID: c363a06237d165f5ad2cecc5f1879c16a4d3bc57dc06e52f5f52b49e766f1641
                                                                                                                                                                                                                                      • Instruction ID: 5c8ea9761549c3b579cdf40381e61b04404a2a2b4ce157ca3c6a7bf61640d8a7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c363a06237d165f5ad2cecc5f1879c16a4d3bc57dc06e52f5f52b49e766f1641
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B651E4B4E01208DFCB08EFA5D5946DDBBB2FB89304F20912AD416BB354DB396946CF41
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • KiUserExceptionDispatcher.NTDLL ref: 079B3628
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2069218530.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_79b0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 6842923-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CreateActCtxA.KERNEL32(?), ref: 015B59F1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2055466417.00000000015B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015B0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_15b0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Create
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2289755597-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CreateActCtxA.KERNEL32(?), ref: 015B59F1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2055466417.00000000015B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015B0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_15b0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Create
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2289755597-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • KiUserExceptionDispatcher.NTDLL ref: 079B3628
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2069218530.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_79b0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 6842923-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 015BD387
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2055466417.00000000015B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015B0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_15b0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DuplicateHandle
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3793708945-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 015BD387
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2055466417.00000000015B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015B0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_15b0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DuplicateHandle
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3793708945-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2069218530.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_79b0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,015BB101,00000800,00000000,00000000), ref: 015BB312
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2055466417.00000000015B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015B0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_15b0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,015BB101,00000800,00000000,00000000), ref: 015BB312
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2055466417.00000000015B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015B0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_15b0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,07BFFD76), ref: 07BFFE7E
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2070494348.0000000007BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BF0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_7bf0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,07BFFD76), ref: 07BFFE7E
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2070494348.0000000007BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BF0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_7bf0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetKeyboardLayout.USER32(00000000), ref: 079B336E
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2069218530.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_79b0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: KeyboardLayout
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 194098044-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 015BB086
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2055466417.00000000015B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015B0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_15b0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: HandleModule
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 4139908857-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • OleInitialize.OLE32(00000000), ref: 079B345D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2069218530.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_79b0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Initialize
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2538663250-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 0965A005
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2073715574.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_9650000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: MessagePost
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 410705778-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • OleInitialize.OLE32(00000000), ref: 079B345D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2069218530.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_79b0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Initialize
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2538663250-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetKeyboardLayout.USER32(00000000), ref: 079B336E
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2069218530.00000000079B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079B0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_79b0000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: KeyboardLayout
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 194098044-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 0965A005
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2073715574.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_9650000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: MessagePost
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 410705778-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2070568861.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_7c00000_gg.jbxd
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2070568861.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_7c00000_gg.jbxd
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2070568861.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_7c00000_gg.jbxd
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2070568861.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_7c00000_gg.jbxd
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2070568861.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_7c00000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 0870225023f2857cd68c9335f9e9224cef3a990ad5c5d472b38f587aeeb320a1
                                                                                                                                                                                                                                      • Instruction ID: 1c67ae6c504bc7394c384e440aaecf6460d12f481b3ddd5b0b4f7e012c1cd020
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0870225023f2857cd68c9335f9e9224cef3a990ad5c5d472b38f587aeeb320a1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2C0267707407149FCB149F68C894B2E7BE2FB8A704F118869D5029B7A1CFBAEC458BD5
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2070568861.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_7c00000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 0768d3d1b4344f2c6d421219df92391a58e3be5d2ea99d4ea5748cca82303af3
                                                                                                                                                                                                                                      • Instruction ID: d4175b0c003c81c14b9d022d6d3addf8e7c08bbd20d8c2e9279a3fe695d881d3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0768d3d1b4344f2c6d421219df92391a58e3be5d2ea99d4ea5748cca82303af3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2FF158707407149FCB149F68C894B2A7BE2FB8A704F118469D5029B7A1CFBAEC858BD1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2070568861.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_7c00000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6ef4141b9d78b0bf2a2d8f561bf0716565eec4e881b28f9d937b370240df2d79
                                                                                                                                                                                                                                      • Instruction ID: 29021372b7c05ff9b62b0ca5702aff5239127113eb8db36bbf9f9c84a40cd3bb
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ef4141b9d78b0bf2a2d8f561bf0716565eec4e881b28f9d937b370240df2d79
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FFD17D707403049FDB018B64C899B697BF6BF8A700F1590AAE6029B3E2CB75DC85DBD1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2070568861.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_7c00000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 68e95ca01e94fbb1e14a5392b802cafa553c2d4609ea619fb8e4e282dc6aad04
                                                                                                                                                                                                                                      • Instruction ID: a4481494f62bb558561038cc6aa49f42446177039f313933373fc52fb8039d05
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 68e95ca01e94fbb1e14a5392b802cafa553c2d4609ea619fb8e4e282dc6aad04
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C4D16BB07403049FDB048B64C895B297BF6FB8A704F119069E6029B3E1CFBADD859BD1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2070568861.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_7c00000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2185552ddebfb7ab46a0282c54668c7b6c3dac78536ebe741b308bc91cb90147
                                                                                                                                                                                                                                      • Instruction ID: b2ddabd57b51fcc17dbe1d48139edc620ecb47af8af0de627d13c6a047eefce0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2185552ddebfb7ab46a0282c54668c7b6c3dac78536ebe741b308bc91cb90147
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B5215C35740004AFCB54CF69D984DA9BBB2EF88714F1180A9E9059F3B1DB31ED45CB50
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2054035868.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_132d000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 135e4c641e82224911c91560ca78cd6d1014d25d8a6def8d2c2384aa22b706f4
                                                                                                                                                                                                                                      • Instruction ID: 2235368d3b795fd8c51347aa4ec8feded7810130610f7d39db5f43e9aaf3a2ff
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 135e4c641e82224911c91560ca78cd6d1014d25d8a6def8d2c2384aa22b706f4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8F212271504244DFDB05EF58D9C0B2ABFA5FB8831CF30C669E9094B256C376D456CAA2
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2055103979.000000000154D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0154D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_154d000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d0f2850e61a50ea372a3ac79294fdf88b8fb16212374e44257e4924d7a3ea871
                                                                                                                                                                                                                                      • Instruction ID: 59779d206ab0971944b5c1cb7bd2520f71584f18c70210f72784e0c0c5705694
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0f2850e61a50ea372a3ac79294fdf88b8fb16212374e44257e4924d7a3ea871
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A1210071604200DFCB15DF98D984B2ABBB5FB94318F20C96DD80E4F256D33AD446CA61
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2070568861.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_7c00000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7a0b1431cf00b825a6474de81644409e372b1cd761ff50cae82cc13ea2effa6c
                                                                                                                                                                                                                                      • Instruction ID: 1244575aaa892eace00b12b5e32e36fcbd7dd4b407ba8e077e75cd851f7dbd9f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a0b1431cf00b825a6474de81644409e372b1cd761ff50cae82cc13ea2effa6c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F621D170B00145DFDB049B69D94496EBBE6FFC8314B28856AE51A9B3E1CB71CC0187E1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2055103979.000000000154D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0154D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_154d000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 41e84cba84804d9039f37e384489e195bc9fc5d6162cef47cdb92d73bc79016e
                                                                                                                                                                                                                                      • Instruction ID: 3966d27414dbdae97ce26815676e8fce2a3aa6fd06d7803ba2653a8bd4bc0cbe
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 41e84cba84804d9039f37e384489e195bc9fc5d6162cef47cdb92d73bc79016e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 602192755093808FDB13CF64D994715BF71FB46218F28C5DAD8498F2A7C33A980ACB62
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2054035868.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_132d000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                                                                      • Instruction ID: c7e7c0e9d3b14ce08680d05fbfd0b5c0d4bc28f129ae4b349fbddffba5870153
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1911E172404280CFDB02DF54D5C4B16BF71FB84318F34C6A9D8090B256C336D45ACBA1
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2054035868.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_132d000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: fdc3fabe12553628811982ef26c23eca857be1ce9232d33460ac7bb09adc97aa
                                                                                                                                                                                                                                      • Instruction ID: 9cd947564daa5908fae37d9f159ba56516658fe5e729de3969445d50e223e775
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fdc3fabe12553628811982ef26c23eca857be1ce9232d33460ac7bb09adc97aa
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9101F7311083549AE720AA69CE84767BF9CEF41338F18C82AED0D4A286C279D840CA71
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000015.00000002.2054035868.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_21_2_132d000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 0480ae348019c654f9789d80b821c3f7c022483fdf686ac0ec1a09a4d4f286b9
                                                                                                                                                                                                                                      • Instruction ID: c2c2528241704ff70d8e87eefae20a113f4c0468af31bb8f4209a2dc00e78ef5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0480ae348019c654f9789d80b821c3f7c022483fdf686ac0ec1a09a4d4f286b9
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F6F0C2710083449AE7209E1ADDC8B63FFA8EB41238F18C85AED0C1A286C2799840CAB0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                      Execution Coverage:18.1%
                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                                                                                                      Total number of Nodes:159
                                                                                                                                                                                                                                      Total number of Limit Nodes:13

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000017.00000002.2147051428.0000000006280000.00000040.00000800.00020000.00000000.sdmp, Offset: 06280000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_23_2_6280000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 8e4655d0cb4f92ab62340c9867347089028e371089f25cbec04a97545964ac68
                                                                                                                                                                                                                                      • Instruction ID: 06e9d1e920aaed0f0e6970c0611a681bc1fc83737fa9aaebf64ccf31cf25d90d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8e4655d0cb4f92ab62340c9867347089028e371089f25cbec04a97545964ac68
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2CC2A074E122298FDBA4EF64D998B9DBBB1EB89304F1085E9D40DA7354DB306E85CF40
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000017.00000002.2147008088.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_23_2_6270000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                                                                      • API String ID: 0-2392861976
                                                                                                                                                                                                                                      • Opcode ID: b30b6e9eddb9169093ddc3227b64ea82b6865af6fed337ddf55d64cfe5dc9fba
                                                                                                                                                                                                                                      • Instruction ID: e893984282c4ac8276a498a35b75eee2b1426a3919288c4bda5431925f63b5a9
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b30b6e9eddb9169093ddc3227b64ea82b6865af6fed337ddf55d64cfe5dc9fba
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B6C10330B20305CFDB989B28D858E2AB7F6EF85700F148859E9128B3A6CF75DC56C791
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • KiUserExceptionDispatcher.NTDLL ref: 05A27718
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000017.00000002.2143120765.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_23_2_5a20000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 6842923-0
                                                                                                                                                                                                                                      • Opcode ID: 75b21b7b86c8cab9b7eb7bef8ce2cb2c21620a94ca0159cd1011271ebab91f52
                                                                                                                                                                                                                                      • Instruction ID: e3bd51f1ef7393dcce6995fa9fdc6ff226212960967b4e5bbc1e1451d270ce3a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 75b21b7b86c8cab9b7eb7bef8ce2cb2c21620a94ca0159cd1011271ebab91f52
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D6512875E00218CFCB58DFA9D594AEEBBB2FF88300F20812AD416AB354DB355946CF40
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • KiUserExceptionDispatcher.NTDLL ref: 05A27718
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000017.00000002.2143120765.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_23_2_5a20000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 6842923-0
                                                                                                                                                                                                                                      • Opcode ID: d44a5d6a080bda8ef9cbaac623b0ae4207d94c978e40c7e1fcb5bdedbb5dc661
                                                                                                                                                                                                                                      • Instruction ID: 723efef687bf24ee02405cb7f72985e0cec23ef4a38730a9644971eb8ba8ff5b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d44a5d6a080bda8ef9cbaac623b0ae4207d94c978e40c7e1fcb5bdedbb5dc661
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BE51C374E00219DFCB58DFA9D594AEDBBB2FF88300F10942AE416AB364DB345946CF40
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • KiUserExceptionDispatcher.NTDLL ref: 05A27718
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000017.00000002.2143120765.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_23_2_5a20000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 6842923-0
                                                                                                                                                                                                                                      • Opcode ID: 2ae16973b0d7828170faf2fbebd14a53c829c75f0fe4022c8da3fca4ef519d1f
                                                                                                                                                                                                                                      • Instruction ID: 9b6c6bd8956f18113e857cfb2ad0fa6ea8814d358ce2e87b3d9d677e3cca84f1
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2ae16973b0d7828170faf2fbebd14a53c829c75f0fe4022c8da3fca4ef519d1f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F41E575E00219CFCB58DFA9D594ADDBBB2FF88300F10952AE416AB364DB345946CF40
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000017.00000002.2143120765.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_23_2_5a20000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                      • Opcode ID: b0443ff48b7849fee2cb6ab7b8a6a28bebc3aeca70f991cb8573ff18b34f2918
                                                                                                                                                                                                                                      • Instruction ID: cce23721426eff0dc68b0ef2cf835a00a13be109098e592cece3ec5ed413b5c7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b0443ff48b7849fee2cb6ab7b8a6a28bebc3aeca70f991cb8573ff18b34f2918
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A9219375E01218DFCB08DFA9E485ADDBBB6FB89310F10906AE515B7360DB306981CF54
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,0628AD36), ref: 0628AE3E
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000017.00000002.2147051428.0000000006280000.00000040.00000800.00020000.00000000.sdmp, Offset: 06280000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_23_2_6280000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                                                                                                      • Opcode ID: 82ec8ccd9921f3f4040b8dd95d68d2c6f10754b913d972f5db517fc783081539
                                                                                                                                                                                                                                      • Instruction ID: 1c3250a0801f5b188facbc2add84a999a89df7d142560feb5d9abd365b451320
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 82ec8ccd9921f3f4040b8dd95d68d2c6f10754b913d972f5db517fc783081539
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 561153B1C003098FCB10DF9AC804ADEFBF5EF88310F10842AD959A7250C779A945CFA0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,0628AD36), ref: 0628AE3E
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000017.00000002.2147051428.0000000006280000.00000040.00000800.00020000.00000000.sdmp, Offset: 06280000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_23_2_6280000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                                                                                                      • Opcode ID: 307c4a56165a4577274c81c78a7e94dc9714dd0c65aa364810f0bfce9b92277e
                                                                                                                                                                                                                                      • Instruction ID: 310bdc79e3cc76dc70ac2c508dfb95884be096efe4a1a4c090f3c308f71db4cf
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 307c4a56165a4577274c81c78a7e94dc9714dd0c65aa364810f0bfce9b92277e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D1143B5C003498FCB20DFAAD844ADEFBF5AF88324F14842AD859B7250C379A545CFA0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • OleInitialize.OLE32(00000000), ref: 05A2754D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000017.00000002.2143120765.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_23_2_5a20000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Initialize
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2538663250-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • OleInitialize.OLE32(00000000), ref: 05A2754D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000017.00000002.2143120765.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_23_2_5a20000_gg.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Initialize
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2538663250-0
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000017.00000002.2147008088.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_23_2_6270000_gg.jbxd
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000017.00000002.2147008088.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_23_2_6270000_gg.jbxd
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000017.00000002.2147008088.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_23_2_6270000_gg.jbxd
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000017.00000002.2147008088.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_23_2_6270000_gg.jbxd
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000017.00000002.2147008088.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_23_2_6270000_gg.jbxd
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000017.00000002.2147008088.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_23_2_6270000_gg.jbxd
                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                      Uniqueness Score: -1.00%