Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
f_0002b5.exe

Overview

General Information

Sample name:f_0002b5.exe
(renamed file extension from none to exe)
Original sample name:f_0002b5
Analysis ID:1445830
MD5:aee6801792d67607f228be8cec8291f9
SHA1:bf6ba727ff14ca2fddf619f292d56db9d9088066
SHA256:1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
Infos:

Detection

Score:51
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:48
Range:0 - 100

Signatures

Detected unpacking (changes PE section rights)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file does not import any functions
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: DNS Query To Remote Access Software Domain From Non-Browser App
Tries to disable installed Antivirus / HIPS / PFW
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

Process Tree

  • System is w7x64
  • f_0002b5.exe (PID: 2708 cmdline: "C:\Users\user\Desktop\f_0002b5.exe" MD5: AEE6801792D67607F228BE8CEC8291F9)
    • f_0002b5.exe (PID: 2704 cmdline: "C:\Users\user\Desktop\f_0002b5.exe" --local-service MD5: AEE6801792D67607F228BE8CEC8291F9)
    • f_0002b5.exe (PID: 1800 cmdline: "C:\Users\user\Desktop\f_0002b5.exe" --local-control MD5: AEE6801792D67607F228BE8CEC8291F9)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: DNS Query To Remote Access Software Domain From Non-Browser App
Source: DNS queryAuthor: frack113, Connor Martin: Data: Image: C:\Users\user\Desktop\f_0002b5.exe, QueryName: boot.net.anydesk.com

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Compliance

barindex
Uses 32bit PE files
Source: f_0002b5.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
PE / OLE file has a valid certificate
Source: f_0002b5.exeStatic PE information: certificate valid
Uses secure TLS version for HTTPS connections
Source: unknownHTTPS traffic detected: 57.129.19.1:443 -> 192.168.2.22:49166 version: TLS 1.2
Source: unknownHTTPS traffic detected: 89.187.179.132:443 -> 192.168.2.22:49168 version: TLS 1.2
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: f_0002b5.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Binary contains paths to debug symbols
Source: Binary string: C:\b\build\slave\win\build\src\out\Release\gcapi_dll.dll.pdbGCTL source: f_0002b5.exe, 00000002.00000002.613158752.00000000065B8000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmp, f_0002b5.exe, 00000002.00000003.385632800.00000000004D9000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000003.385584840.0000000006AF7000.00000004.00000001.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.613117431.00000000060E3000.00000004.00000001.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.613158752.00000000065D4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm_dda-32\privacy_feature\privacy_feature.pdb source: f_0002b5.exe, 00000000.00000002.612818555.00000000023B0000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.612809391.00000000023B0000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_loader\AnyDesk.pdb source: f_0002b5.exe, 00000000.00000002.612872974.000000000255A000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612864108.000000000255A000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdb@7 source: f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm_dda-64\win_dwm\win_dwm.pdb source: f_0002b5.exe, 00000000.00000002.612818555.00000000023B0000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.612809391.00000000023B0000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm_dda-32\win_dwm\win_dwm.pdb source: f_0002b5.exe, 00000000.00000002.612818555.0000000002374000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.612809391.0000000002374000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm_dda-64\privacy_feature\privacy_feature.pdb source: f_0002b5.exe, 00000000.00000002.612818555.00000000023B0000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.612809391.00000000023B0000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdb source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\b\build\slave\win\build\src\out\Release\gcapi_dll.dll.pdb source: f_0002b5.exe, 00000002.00000002.613158752.00000000065B8000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmp, f_0002b5.exe, 00000002.00000003.385632800.00000000004D9000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000003.385584840.0000000006AF7000.00000004.00000001.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.613117431.00000000060E3000.00000004.00000001.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.613158752.00000000065D4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: SAS.pdbR source: f_0002b5.exe, 00000000.00000002.612818555.0000000002374000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.612809391.0000000002374000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: SAS.pdb source: f_0002b5.exe, 00000000.00000002.612818555.0000000002374000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.612809391.0000000002374000.00000004.00000001.01000000.00000003.sdmp
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C696C6E FindFirstFileExA,2_2_6C696C6E
Source: global trafficTCP traffic: 192.168.2.22:49165 -> 195.181.174.167:6568
Source: Joe Sandbox ViewIP Address: 141.95.145.210 141.95.145.210
Source: Joe Sandbox ViewIP Address: 57.128.101.74 57.128.101.74
Source: Joe Sandbox ViewIP Address: 195.181.174.167 195.181.174.167
Source: Joe Sandbox ViewJA3 fingerprint: c91bde19008eefabce276152ccd51457
Source: global trafficDNS traffic detected: DNS query: boot.net.anydesk.com
Source: global trafficDNS traffic detected: DNS query: relay-0b975d23.net.anydesk.com
Source: global trafficDNS traffic detected: DNS query: api.playanext.com
Source: unknownHTTP traffic detected: POST /httpapi HTTP/1.1Host: api.playanext.comUser-Agent: AnyDesk/8.0.10Accept: */*Content-Length: 354Content-Type: application/x-www-form-urlencodedapi_key=c1426bd258099fa69f62933b466d4b77&event=[{"event_type":"check_offer","user_id":"d1e6315c5d1cd55be3a98d991cc225d4","session_id":1716389259216828,"ip":"$remote","event_properties":{"method_used":"Google Chrome Criteria Checker","offer_product":"Google Chrome","distributor":"AnyDesk","distributor_product":"AnyDesk","user_country":"United States"}}Data Raw: Data Ascii:
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: f_0002b5.exe, 00000000.00000002.612384315.00000000003CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.c/s
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.gimp.org/xmp/
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.opengl.org/registry/
Source: f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.openssl.org/)
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.openssl.org/support/faq.html
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.openssl.org/support/faq.htmlEC_PRIVATEKEYpublicKeyparametersprivateKeyECPKPARAMETERSvalue
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anydesk.com
Source: f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://anydesk.com/
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anydesk.com/company#imprint
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anydesk.com/contact/sales
Source: f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://anydesk.com/contact/sales)
Source: f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://anydesk.com/de/datenschutz
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://anydesk.com/en/assembly
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://anydesk.com/en/assembly/terms
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anydesk.com/en/changelog/windows
Source: f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://anydesk.com/en/privacy
Source: f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://anydesk.com/es/privacidad
Source: f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anydesk.com/order
Source: f_0002b5.exe, 00000000.00000002.612413000.000000000059D000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anydesk.com/pricing/teams
Source: f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://anydesk.com/pricing/teams)
Source: f_0002b5.exe, 00000000.00000002.612466363.0000000000746000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anydesk.com/pricing/teams0
Source: f_0002b5.exe, 00000000.00000002.612413000.000000000059D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anydesk.com/pricing/teamse
Source: f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anydesk.com/privacy
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anydesk.com/terms
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anydesk.com/update
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://boot.net.anydesk.comabcdefABCDEFtruefalsetfInvalid
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://datatracker.ietf.org/ipr/1524/
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://datatracker.ietf.org/ipr/1526/
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://datatracker.ietf.org/ipr/1914/
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.anydesk.com
Source: f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.anydesk.com/
Source: f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.anydesk.com/$
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.anydesk.com/HelpLinkInstallLocationAnyDesk
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.anydesk.com
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://my.anydesk.com/auth/realms/myanydesk/login-actions/reset-credentials
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.anydesk.com/auth/realms/myanydesk/login-actions/reset-credentials?client_id=myanydesk-fro
Source: f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://my.anydesk.com/auth/realms/myanydesk/protocol/openid-connect/registrations?client_id=myanyde
Source: f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.anydesk.com/password-generator.
Source: f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://my.anydesk.com/v2
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://order.anydesk.com/trial
Source: f_0002b5.exe, 00000000.00000003.346353200.000000000061D000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://policies.google.com/privacy?hl=$
Source: f_0002b5.exe, 00000000.00000002.612413000.000000000059D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.and
Source: f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com
Source: f_0002b5.exe, 00000000.00000002.612413000.000000000059D000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000003.346353200.000000000061D000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/account-migration
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/anydesk-account
Source: f_0002b5.exe, 00000000.00000002.612997780.00000000044E0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/anydesk-for-android-chromeos#troubleshooting
Source: f_0002b5.exe, 00000000.00000002.612997780.00000000044E0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612466363.00000000006F4000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/anydesk-id-and-alias
Source: f_0002b5.exe, 00000000.00000002.612997780.00000000044E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/anydesk-id-and-aliasm
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/my-anydesk-ii#user-management
Source: f_0002b5.exe, 00000000.00000002.612997780.00000000044E0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612413000.000000000059D000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/quick-start-guide
Source: f_0002b5.exe, 00000000.00000002.612466363.00000000006F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/quick-start-guideJi
Source: f_0002b5.exe, 00000000.00000002.612413000.000000000059D000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000003.346353200.000000000061D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/quick-start-guidev
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/status-anynet_overload
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/status-desk_rt_auto_disconnect
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/status-desk_rt_ipc_error
Source: f_0002b5.exe, 00000000.00000003.346353200.000000000061D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/status-desk_rt_ipc_errors.
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/the-session-has-ended-unexpectedly
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/users
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/waiting-for-image-black-screen
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/what-is-full-client-management
Source: f_0002b5.exeString found in binary or memory: https://support.google.com/chrome/contact/chromeuninstall3?hl=$1
Source: f_0002b5.exe, 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmp, f_0002b5.exe, 00000002.00000003.385632800.00000000004D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/contact/chromeuninstall3?hl=$1microsoft-edge:openFailed
Source: f_0002b5.exe, 00000000.00000002.612997780.00000000044E0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/$
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nayuki.io/page/qr-code-generator-library
Source: unknownNetwork traffic detected: HTTP traffic on port 49163 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49168
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49166
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49163
Source: unknownNetwork traffic detected: HTTP traffic on port 49168 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49166 -> 443
Source: unknownHTTPS traffic detected: 57.129.19.1:443 -> 192.168.2.22:49166 version: TLS 1.2
Source: unknownHTTPS traffic detected: 89.187.179.132:443 -> 192.168.2.22:49168 version: TLS 1.2
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DirectDrawCreateExmemstr_9611e757-2
Source: C:\Users\user\Desktop\f_0002b5.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_7e9f129c-d
Source: C:\Users\user\Desktop\f_0002b5.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C67B6C0 new,SetHandleInformation,CreateEnvironmentBlock,CreateProcessAsUserW,DestroyEnvironmentBlock,CreateProcessW,AssignProcessToJobObject,GetCurrentProcess,GetCurrentProcess,TerminateProcess,GetCurrentProcess,WaitForSingleObject,ResumeThread,WaitForSingleObject,2_2_6C67B6C0
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C675D102_2_6C675D10
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C68AE202_2_6C68AE20
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C681ED02_2_6C681ED0
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C683EA02_2_6C683EA0
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C687F4E2_2_6C687F4E
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C6839A42_2_6C6839A4
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C684B222_2_6C684B22
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C6985172_2_6C698517
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C6745802_2_6C674580
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C6846ED2_2_6C6846ED
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C6956C92_2_6C6956C9
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C66A0902_2_6C66A090
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C6930932_2_6C693093
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C68817D2_2_6C68817D
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C6842B82_2_6C6842B8
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C6923012_2_6C692301
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C6803B72_2_6C6803B7
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: String function: 6C681630 appears 48 times
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: String function: 6C662EA0 appears 47 times
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: String function: 6C662340 appears 31 times
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: String function: 6C666EC0 appears 51 times
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: String function: 6C67FC11 appears 50 times
Source: f_0002b5.exeStatic PE information: No import functions for PE file found
Source: f_0002b5.exe, 00000000.00000002.612818555.0000000002374000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamesas.dllj% vs f_0002b5.exe
Source: f_0002b5.exe, 00000000.00000003.343803485.0000000000717000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentshrui.dll.muij% vs f_0002b5.exe
Source: f_0002b5.exe, 00000000.00000002.612466363.00000000006F4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentshrui.dll.muij% vs f_0002b5.exe
Source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesas.dllj% vs f_0002b5.exe
Source: f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesas.dllj% vs f_0002b5.exe
Source: f_0002b5.exe, 00000002.00000002.612809391.0000000002374000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamesas.dllj% vs f_0002b5.exe
Source: f_0002b5.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engineClassification label: mal51.evad.winEXE@5/8@8/6
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C6629A0 FormatMessageA,GetLastError,2_2_6C6629A0
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C69FFEC LaunchGoogleChrome,CoInitializeEx,CoInitializeSecurity,GetCurrentProcessId,GetShellWindow,GetWindowThreadProcessId,LocalFree,OpenProcess,OpenProcessToken,DuplicateTokenEx,ImpersonateLoggedOnUser,CloseHandle,CloseHandle,CloseHandle,LocalFree,LocalFree,CoCreateInstance,RevertToSelf,CoUninitialize,2_2_6C69FFEC
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C6A2CE9 LoadResource,LockResource,SizeofResource,2_2_6C6A2CE9
Source: C:\Users\user\Desktop\f_0002b5.exeFile created: C:\Users\user\AppData\Roaming\AnyDeskJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_2708_2263196340_0_mtx
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Session\1\ad_connect_queue_2704_2278952368_mtx
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcstobjmtx
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_1800_2280200370_0_mtx
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_2708_2263196340_1_mtx
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_1800_2280200370_1_mtx
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_2704_1900_11
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_2704_1900_3
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_2704_1900_4
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_2704_1900_5
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_2704_1900_12
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_2704_1900_6
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_2704_1900_13
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_2704_1900_18
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1800_3112_0
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1800_3124_0
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_2704_1900_16
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_8010_lsystem_mtx
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_trace_mtx
Source: C:\Users\user\Desktop\f_0002b5.exeFile created: C:\Users\user\AppData\Local\Temp\gcapi.dllJump to behavior
Source: f_0002b5.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\f_0002b5.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM Win32_Processor
Source: C:\Users\user\Desktop\f_0002b5.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: f_0002b5.exeString found in binary or memory: Removed multi-install failure key; switching to channel:
Source: C:\Users\user\Desktop\f_0002b5.exeFile read: C:\Users\user\Desktop\f_0002b5.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\f_0002b5.exe "C:\Users\user\Desktop\f_0002b5.exe"
Source: C:\Users\user\Desktop\f_0002b5.exeProcess created: C:\Users\user\Desktop\f_0002b5.exe "C:\Users\user\Desktop\f_0002b5.exe" --local-service
Source: C:\Users\user\Desktop\f_0002b5.exeProcess created: C:\Users\user\Desktop\f_0002b5.exe "C:\Users\user\Desktop\f_0002b5.exe" --local-control
Source: C:\Users\user\Desktop\f_0002b5.exeProcess created: C:\Users\user\Desktop\f_0002b5.exe "C:\Users\user\Desktop\f_0002b5.exe" --local-serviceJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeProcess created: C:\Users\user\Desktop\f_0002b5.exe "C:\Users\user\Desktop\f_0002b5.exe" --local-controlJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: wow64win.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: wow64cpu.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: duser.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: dui70.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: wbemcomn2.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: bcrypt.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: rpcrtremote.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: ntdsapi.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: shcore.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: wow64win.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: wow64cpu.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: rpcrtremote.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: wow64win.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: wow64cpu.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: credssp.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32Jump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeWindow found: window name: SysTabControl32Jump to behavior
Source: f_0002b5.exeStatic PE information: certificate valid
Source: f_0002b5.exeStatic file information: File size 5328200 > 1048576
Source: f_0002b5.exeStatic PE information: Raw size of .data is bigger than: 0x100000 < 0x507c00
Source: f_0002b5.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: f_0002b5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\b\build\slave\win\build\src\out\Release\gcapi_dll.dll.pdbGCTL source: f_0002b5.exe, 00000002.00000002.613158752.00000000065B8000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmp, f_0002b5.exe, 00000002.00000003.385632800.00000000004D9000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000003.385584840.0000000006AF7000.00000004.00000001.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.613117431.00000000060E3000.00000004.00000001.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.613158752.00000000065D4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm_dda-32\privacy_feature\privacy_feature.pdb source: f_0002b5.exe, 00000000.00000002.612818555.00000000023B0000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.612809391.00000000023B0000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_loader\AnyDesk.pdb source: f_0002b5.exe, 00000000.00000002.612872974.000000000255A000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612864108.000000000255A000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdb@7 source: f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm_dda-64\win_dwm\win_dwm.pdb source: f_0002b5.exe, 00000000.00000002.612818555.00000000023B0000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.612809391.00000000023B0000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm_dda-32\win_dwm\win_dwm.pdb source: f_0002b5.exe, 00000000.00000002.612818555.0000000002374000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.612809391.0000000002374000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm_dda-64\privacy_feature\privacy_feature.pdb source: f_0002b5.exe, 00000000.00000002.612818555.00000000023B0000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.612809391.00000000023B0000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdb source: f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\b\build\slave\win\build\src\out\Release\gcapi_dll.dll.pdb source: f_0002b5.exe, 00000002.00000002.613158752.00000000065B8000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmp, f_0002b5.exe, 00000002.00000003.385632800.00000000004D9000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000003.385584840.0000000006AF7000.00000004.00000001.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.613117431.00000000060E3000.00000004.00000001.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.613158752.00000000065D4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: SAS.pdbR source: f_0002b5.exe, 00000000.00000002.612818555.0000000002374000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.612809391.0000000002374000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: SAS.pdb source: f_0002b5.exe, 00000000.00000002.612818555.0000000002374000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.612809391.0000000002374000.00000004.00000001.01000000.00000003.sdmp

Data Obfuscation

barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\f_0002b5.exeUnpacked PE file: 0.2.f_0002b5.exe.1320000.0.unpack .text:ER;.itext:W;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.itext:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\Desktop\f_0002b5.exeUnpacked PE file: 2.2.f_0002b5.exe.1320000.0.unpack .text:ER;.itext:W;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.itext:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\Desktop\f_0002b5.exeUnpacked PE file: 3.2.f_0002b5.exe.1320000.0.unpack .text:ER;.itext:W;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.itext:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C66FCD0 push ecx; mov dword ptr [esp], 00000000h2_2_6C66FCD7
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C681676 push ecx; ret 2_2_6C681689
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C6811DF push ecx; ret 2_2_6C6811F2
Source: C:\Users\user\Desktop\f_0002b5.exeFile created: C:\Users\user\Desktop\gcapi.dllJump to dropped file
Source: C:\Users\user\Desktop\f_0002b5.exeFile created: C:\Users\user\AppData\Local\Temp\gcapi.dllJump to dropped file

Hooking and other Techniques for Hiding and Protection

barindex
Hides that the sample has been downloaded from the Internet (zone.identifier)
Source: C:\Users\user\Desktop\f_0002b5.exeFile opened: C:\Users\user\Desktop\f_0002b5.exe:Zone.Identifier read attributes | deleteJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C6803B7 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_6C6803B7
Source: C:\Users\user\Desktop\f_0002b5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Queries memory information (via WMI often done to detect virtual machines)
Source: C:\Users\user\Desktop\f_0002b5.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_PhysicalMemory
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Source: C:\Users\user\Desktop\f_0002b5.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Users\user\Desktop\f_0002b5.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT MACAddress FROM Win32_NetworkAdapter WHERE PhysicalAdapter = TRUE
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Source: C:\Users\user\Desktop\f_0002b5.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\f_0002b5.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeDropped PE file which has not been started: C:\Users\user\Desktop\gcapi.dllJump to dropped file
Source: C:\Users\user\Desktop\f_0002b5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\gcapi.dllJump to dropped file
Source: C:\Users\user\Desktop\f_0002b5.exeAPI coverage: 5.3 %
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 2520Thread sleep time: -5534023222112862s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 2480Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 3152Thread sleep time: -240000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 2520Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 2496Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 3136Thread sleep time: -180000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 3128Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 3132Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 3140Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 3128Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BaseBoard
Source: C:\Users\user\Desktop\f_0002b5.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM Win32_Processor
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C69F147 GetLocalTime followed by cmp: cmp dx, 000ch and CTI: jbe 6C69F183h2_2_6C69F147
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C696C6E FindFirstFileExA,2_2_6C696C6E
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C67F1AA VirtualQuery,GetSystemInfo,2_2_6C67F1AA
Source: C:\Users\user\Desktop\f_0002b5.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C685F8C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6C685F8C
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C689E6A mov eax, dword ptr fs:[00000030h]2_2_6C689E6A
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C68B428 GetProcessHeap,2_2_6C68B428
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C680FC3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_6C680FC3
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C685F8C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6C685F8C
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C6814B2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6C6814B2
Source: C:\Users\user\Desktop\f_0002b5.exeMemory protected: page read and write | page guardJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeProcess created: C:\Users\user\Desktop\f_0002b5.exe "C:\Users\user\Desktop\f_0002b5.exe" --local-serviceJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeProcess created: C:\Users\user\Desktop\f_0002b5.exe "C:\Users\user\Desktop\f_0002b5.exe" --local-controlJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeFile opened: Windows Firewall: C:\Windows\SysWOW64\FirewallAPI.dllJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C69F711 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,2_2_6C69F711
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C68168B cpuid 2_2_6C68168B
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: EnumSystemLocalesW,2_2_6C68EC36
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: IsValidCodePage,GetLocaleInfoW,2_2_6C69AD29
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: GetLocaleInfoW,2_2_6C69AEBD
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: EnumSystemLocalesW,2_2_6C69AF66
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: EnumSystemLocalesW,2_2_6C69AFB1
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_6C69B452
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: GetLocaleInfoW,2_2_6C69B559
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_6C69B626
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: EnumSystemLocalesW,2_2_6C69B04C
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,2_2_6C69B0D9
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: GetLocaleInfoW,2_2_6C68F15E
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: GetUserDefaultUILanguage,GetLocaleInfoW,GetLocaleInfoW,2_2_6C67D200
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: GetLocaleInfoW,2_2_6C69B329
Source: C:\Users\user\Desktop\f_0002b5.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeQueries volume information: C:\Users\user\Desktop\f_0002b5.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C672D20 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,2_2_6C672D20
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C69057E _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,2_2_6C69057E
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_6C672A20 GetCurrentProcess,GetModuleHandleW,GetProcAddress,GetVersionExW,GetNativeSystemInfo,GetModuleHandleW,GetProcAddress,2_2_6C672A20
Source: C:\Users\user\Desktop\f_0002b5.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: f_0002b5.exe, 00000002.00000002.612864108.000000000255A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: .itext.text.custom88978f95220cea3e5cd714ad3d984e5drelease/win_8.0.108941b379f03505960bfba86d51b033e4f12eac4a
Source: f_0002b5.exe, 00000000.00000002.612346769.00000000003AF000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: 8941b379f03505960bfba86d51b033e4f12eac4arelease/win_8.0.1088978f95220cea3e5cd714ad3d984e5dL
Source: f_0002b5.exe, 00000002.00000002.612310585.00000000003AF000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: 8941b379f03505960bfba86d51b033e4f12eac4arelease/win_8.0.1088978f95220cea3e5cd714ad3d984e5dh
Source: f_0002b5.exe, 00000002.00000002.612830613.000000000247B000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 8941b379f03505960bfba86d51b033e4f12eac4arelease/win_8.0.1088978f95220cea3e5cd714ad3d984e5d
Source: f_0002b5.exe, 00000002.00000002.612310585.00000000003AF000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: release/win_8.0.10

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Valid Accounts		421
Windows Management Instrumentation		1
DLL Side-Loading		1
DLL Side-Loading		11
Disable or Modify Tools		21
Input Capture		12
System Time Discovery		Remote Services1
Archive Collected Data		12
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts2
Command and Scripting Interpreter		1
Valid Accounts		1
Valid Accounts		1
Deobfuscate/Decode Files or Information		LSASS Memory2
File and Directory Discovery		Remote Desktop Protocol21
Input Capture		1
Non-Standard Port		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Access Token Manipulation		2
Obfuscated Files or Information		Security Account Manager156
System Information Discovery		SMB/Windows Admin Shares1
Clipboard Data		2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook11
Process Injection		1
Software Packing		NTDS43
Security Software Discovery		Distributed Component Object ModelInput Capture3
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets1
Process Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Masquerading		Cached Domain Credentials331
Virtualization/Sandbox Evasion		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
Valid Accounts		DCSync1
Remote System Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
Access Token Manipulation		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt331
Virtualization/Sandbox Evasion		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron11
Process Injection		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd1
Hidden Files and Directories		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
f_0002b5.exe0%ReversingLabs

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\gcapi.dll0%ReversingLabs
C:\Users\user\Desktop\gcapi.dll0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.gimp.org/xmp/0%URL Reputationsafe
http://www.openssl.org/support/faq.html0%URL Reputationsafe
https://datatracker.ietf.org/ipr/1526/0%URL Reputationsafe
https://datatracker.ietf.org/ipr/1914/0%URL Reputationsafe
http://ns.useplus.org/ldf/xmp/1.0/0%URL Reputationsafe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/0%URL Reputationsafe
https://datatracker.ietf.org/ipr/1524/0%URL Reputationsafe
http://www.openssl.org/)0%URL Reputationsafe
https://order.anydesk.com/trial0%Avira URL Cloudsafe
https://www.google.com/intl/$0%Avira URL Cloudsafe
https://my.anydesk.com0%Avira URL Cloudsafe
https://support.google.com/chrome/contact/chromeuninstall3?hl=$10%Avira URL Cloudsafe
https://anydesk.com/de/datenschutz0%Avira URL Cloudsafe
https://support.anydesk.com/knowledge/users0%Avira URL Cloudsafe
https://support.anydesk.com/knowledge/anydesk-id-and-aliasm0%Avira URL Cloudsafe
https://anydesk.com/es/privacidad0%Avira URL Cloudsafe
http://ns.adobe.c/s0%Avira URL Cloudsafe
https://anydesk.com/0%Avira URL Cloudsafe
https://anydesk.com/update0%Avira URL Cloudsafe
https://my.anydesk.com/auth/realms/myanydesk/protocol/openid-connect/registrations?client_id=myanyde0%Avira URL Cloudsafe
https://support.anydesk.com/knowledge/status-desk_rt_ipc_errors.0%Avira URL Cloudsafe
https://www.nayuki.io/page/qr-code-generator-library0%Avira URL Cloudsafe
https://support.anydesk.com/knowledge/status-desk_rt_auto_disconnect0%Avira URL Cloudsafe
https://policies.google.com/privacy?hl=$0%Avira URL Cloudsafe
https://anydesk.com/privacy0%Avira URL Cloudsafe
https://support.anydesk.com/knowledge/my-anydesk-ii#user-management0%Avira URL Cloudsafe
https://help.anydesk.com0%Avira URL Cloudsafe
https://anydesk.com/pricing/teams0%Avira URL Cloudsafe
https://anydesk.com/terms0%Avira URL Cloudsafe
https://support.anydesk.com/knowledge/quick-start-guideJi0%Avira URL Cloudsafe
https://support.and0%Avira URL Cloudsafe
https://anydesk.com/en/changelog/windows0%Avira URL Cloudsafe
https://support.anydesk.com/knowledge/account-migration0%Avira URL Cloudsafe
https://anydesk.com/order0%Avira URL Cloudsafe
https://support.anydesk.com/knowledge/what-is-full-client-management0%Avira URL Cloudsafe
https://anydesk.com/contact/sales0%Avira URL Cloudsafe
https://my.anydesk.com/password-generator.0%Avira URL Cloudsafe
https://anydesk.com/en/assembly/terms0%Avira URL Cloudsafe
https://support.anydesk.com0%Avira URL Cloudsafe
https://help.anydesk.com/0%Avira URL Cloudsafe
https://support.anydesk.com/knowledge/status-anynet_overload0%Avira URL Cloudsafe
https://support.anydesk.com/knowledge/waiting-for-image-black-screen0%Avira URL Cloudsafe
https://support.anydesk.com/knowledge/anydesk-for-android-chromeos#troubleshooting0%Avira URL Cloudsafe
https://anydesk.com0%Avira URL Cloudsafe
https://anydesk.com/pricing/teamse0%Avira URL Cloudsafe
https://anydesk.com/contact/sales)0%Avira URL Cloudsafe
http://www.opengl.org/registry/0%Avira URL Cloudsafe
https://support.anydesk.com/knowledge/status-desk_rt_ipc_error0%Avira URL Cloudsafe
https://help.anydesk.com/$0%Avira URL Cloudsafe
https://my.anydesk.com/auth/realms/myanydesk/login-actions/reset-credentials?client_id=myanydesk-fro0%Avira URL Cloudsafe
https://support.anydesk.com/knowledge/quick-start-guide0%Avira URL Cloudsafe
https://anydesk.com/en/assembly0%Avira URL Cloudsafe
https://support.google.com/chrome/contact/chromeuninstall3?hl=$1microsoft-edge:openFailed0%Avira URL Cloudsafe
https://my.anydesk.com/auth/realms/myanydesk/login-actions/reset-credentials0%Avira URL Cloudsafe
https://anydesk.com/en/privacy0%Avira URL Cloudsafe
https://anydesk.com/pricing/teams)0%Avira URL Cloudsafe
https://help.anydesk.com/HelpLinkInstallLocationAnyDesk0%Avira URL Cloudsafe
https://anydesk.com/company#imprint0%Avira URL Cloudsafe
https://my.anydesk.com/v20%Avira URL Cloudsafe
https://anydesk.com/pricing/teams00%Avira URL Cloudsafe
https://boot.net.anydesk.comabcdefABCDEFtruefalsetfInvalid0%Avira URL Cloudsafe
http://www.openssl.org/support/faq.htmlEC_PRIVATEKEYpublicKeyparametersprivateKeyECPKPARAMETERSvalue0%Avira URL Cloudsafe
https://support.anydesk.com/knowledge/quick-start-guidev0%Avira URL Cloudsafe
https://support.anydesk.com/knowledge/anydesk-account0%Avira URL Cloudsafe
https://support.anydesk.com/knowledge/anydesk-id-and-alias0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
d1atxff5avezsq.cloudfront.net
13.225.10.64
truefalse
    		unknown
    boot.net.anydesk.com
    		195.181.174.167
    		truefalse
      		unknown
      relay-0b975d23.net.anydesk.com
      		89.187.179.132
      		truefalse
        		unknown
        api.playanext.com
        		unknown
        		unknownfalse
          		unknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          http://api.playanext.comUser-Agent: AnyDesk/8.0.10Accept: */*Content-Length: 354Content-Type: application/x-www-form-urlencodedapi_key=c1426bd258099fa69f62933b466d4b77&event=[{"event_type":"check_offer","user_id":"d1e6315c5d1cd55be3a98d991cc225d4","session_id":1716389259216828,"ip":"$remote","event_properties":{"method_used":"Google Chrome Criteria Checker","offer_product":"Google Chrome","distributor":"AnyDesk","distributor_product":"AnyDesk","user_country":"United States"}}/httpapifalse
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://ns.adobe.c/sf_0002b5.exe, 00000000.00000002.612384315.00000000003CD000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.anydesk.com/knowledge/usersf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://order.anydesk.com/trialf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.google.com/chrome/contact/chromeuninstall3?hl=$1f_0002b5.exefalse
            • Avira URL Cloud: safe
            		unknown
            https://anydesk.com/updatef_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://www.google.com/intl/$f_0002b5.exe, 00000000.00000002.612997780.00000000044E0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://www.gimp.org/xmp/f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://anydesk.com/de/datenschutzf_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://my.anydesk.comf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://anydesk.com/es/privacidadf_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.anydesk.com/knowledge/anydesk-id-and-aliasmf_0002b5.exe, 00000000.00000002.612997780.00000000044E0000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://my.anydesk.com/auth/realms/myanydesk/protocol/openid-connect/registrations?client_id=myanydef_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.anydesk.com/knowledge/my-anydesk-ii#user-managementf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.anydesk.com/knowledge/status-desk_rt_ipc_errors.f_0002b5.exe, 00000000.00000003.346353200.000000000061D000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://www.openssl.org/support/faq.htmlf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://anydesk.com/f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.anydesk.com/knowledge/status-desk_rt_auto_disconnectf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://anydesk.com/privacyf_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://datatracker.ietf.org/ipr/1526/f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://www.nayuki.io/page/qr-code-generator-libraryf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://policies.google.com/privacy?hl=$f_0002b5.exe, 00000000.00000003.346353200.000000000061D000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://help.anydesk.comf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://anydesk.com/pricing/teamsf_0002b5.exe, 00000000.00000002.612413000.000000000059D000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.andf_0002b5.exe, 00000000.00000002.612413000.000000000059D000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://datatracker.ietf.org/ipr/1914/f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://anydesk.com/termsf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.anydesk.com/knowledge/quick-start-guideJif_0002b5.exe, 00000000.00000002.612466363.00000000006F4000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.anydesk.com/knowledge/what-is-full-client-managementf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://anydesk.com/en/changelog/windowsf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.anydesk.com/knowledge/account-migrationf_0002b5.exe, 00000000.00000002.612413000.000000000059D000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000003.346353200.000000000061D000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://anydesk.com/orderf_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://anydesk.com/contact/salesf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://anydesk.com/en/assembly/termsf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://my.anydesk.com/password-generator.f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.anydesk.comf_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://help.anydesk.com/f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://anydesk.comf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.anydesk.com/knowledge/waiting-for-image-black-screenf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://ns.useplus.org/ldf/xmp/1.0/f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://support.anydesk.com/knowledge/status-anynet_overloadf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.anydesk.com/knowledge/anydesk-for-android-chromeos#troubleshootingf_0002b5.exe, 00000000.00000002.612997780.00000000044E0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://www.opengl.org/registry/f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://anydesk.com/contact/sales)f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://iptc.org/std/Iptc4xmpExt/2008-02-29/f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://anydesk.com/pricing/teamsef_0002b5.exe, 00000000.00000002.612413000.000000000059D000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://help.anydesk.com/$f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.anydesk.com/knowledge/quick-start-guidef_0002b5.exe, 00000000.00000002.612997780.00000000044E0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612413000.000000000059D000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://my.anydesk.com/auth/realms/myanydesk/login-actions/reset-credentials?client_id=myanydesk-frof_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.anydesk.com/knowledge/status-desk_rt_ipc_errorf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://anydesk.com/en/assemblyf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://my.anydesk.com/auth/realms/myanydesk/login-actions/reset-credentialsf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.google.com/chrome/contact/chromeuninstall3?hl=$1microsoft-edge:openFailedf_0002b5.exe, 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmp, f_0002b5.exe, 00000002.00000003.385632800.00000000004D9000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://anydesk.com/en/privacyf_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://help.anydesk.com/HelpLinkInstallLocationAnyDeskf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://datatracker.ietf.org/ipr/1524/f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://my.anydesk.com/v2f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://anydesk.com/company#imprintf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://www.openssl.org/)f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://anydesk.com/pricing/teams)f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.anydesk.com/knowledge/quick-start-guidevf_0002b5.exe, 00000000.00000002.612413000.000000000059D000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000003.346353200.000000000061D000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://www.openssl.org/support/faq.htmlEC_PRIVATEKEYpublicKeyparametersprivateKeyECPKPARAMETERSvaluef_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://anydesk.com/pricing/teams0f_0002b5.exe, 00000000.00000002.612466363.0000000000746000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://boot.net.anydesk.comabcdefABCDEFtruefalsetfInvalidf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.612668557.0000000001D66000.00000002.00000001.01000000.00000003.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.anydesk.com/knowledge/anydesk-accountf_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.anydesk.com/knowledge/anydesk-id-and-aliasf_0002b5.exe, 00000000.00000002.612997780.00000000044E0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612466363.00000000006F4000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000003.343387587.0000000003470000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000002.612730646.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.612719239.0000000001D66000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.346579851.0000000003470000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown

            World Map of Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public IPs

            IPDomainCountryFlagASNASN NameMalicious
            141.95.145.210
            		unknownGermany
            		680DFNVereinzurFoerderungeinesDeutschenForschungsnetzesefalse
            13.225.10.37
            		unknownUnited States
            		16509AMAZON-02USfalse
            57.128.101.74
            		unknownBelgium
            		2686ATGS-MMD-ASUSfalse
            89.187.179.132
            		relay-0b975d23.net.anydesk.comCzech Republic
            		60068CDN77GBfalse
            195.181.174.167
            		boot.net.anydesk.comUnited Kingdom
            		60068CDN77GBfalse
            57.129.19.1
            		unknownBelgium
            		2686ATGS-MMD-ASUSfalse

            General Information

            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1445830
            Start date and time:2024-05-22 16:43:32 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 6m 37s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
            Number of analysed new started processes analysed:7
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:f_0002b5.exe
            (renamed file extension from none to exe)
            Original Sample Name:f_0002b5
            Detection:MAL
            Classification:mal51.evad.winEXE@5/8@8/6
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 20
            • Number of non-executed functions: 164

            Warnings

            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 2.21.22.106, 2.21.22.114
            • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-b-net.trafficmanager.net, download.windowsupdate.com.edgesuite.net
            • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            • VT rate limit hit for: f_0002b5.exe

            Simulations

            Behavior and APIs

            TimeTypeDescription
            10:44:19API Interceptor1197x Sleep call for process: f_0002b5.exe modified

            Joe Sandbox View / Context

            IPs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            141.95.145.210AnyDesk.exeGet hashmaliciousUnknownBrowse
              https://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                https://bnz-portal.com/anydesk.exeGet hashmaliciousUnknownBrowse
                  LiveChat.exeGet hashmaliciousUnknownBrowse
                    https://bnz-portal.com/Get hashmaliciousUnknownBrowse
                      anydesk.exeGet hashmaliciousUnknownBrowse
                        anydesk.exeGet hashmaliciousUnknownBrowse
                          livechat.exeGet hashmaliciousUnknownBrowse
                            AnyDesk.exeGet hashmaliciousUnknownBrowse
                              AnyDesk-CM.msiGet hashmaliciousUnknownBrowse
                                57.128.101.74LiveChat.exeGet hashmaliciousUnknownBrowse
                                  https://bnz-portal.com/Get hashmaliciousUnknownBrowse
                                    anydesk.exeGet hashmaliciousUnknownBrowse
                                      livechat.exeGet hashmaliciousUnknownBrowse
                                        AnyDesk.exeGet hashmaliciousUnknownBrowse
                                          AnyDesk-CM.msiGet hashmaliciousUnknownBrowse
                                            195.181.174.167Microsoft.exeGet hashmaliciousUnknownBrowse
                                              AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                1.msiGet hashmaliciousUnknownBrowse
                                                  AnyDesk (4).exeGet hashmaliciousUnknownBrowse
                                                    AnyDesk.exeGet hashmaliciousVidarBrowse
                                                      AnyDeskUninst5265.exeGet hashmaliciousUnknownBrowse
                                                        Vostel-Anydesk.EXEGet hashmaliciousUnknownBrowse

                                                          Domains

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          d1atxff5avezsq.cloudfront.nethttps://download.filezilla-project.org/client/FileZilla_3.67.0_win64_sponsored2-setup.exeGet hashmaliciousUnknownBrowse
                                                          • 3.161.136.51
                                                          https://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                          • 18.173.219.116
                                                          Filezillawin_94199_patched.exeGet hashmaliciousUnknownBrowse
                                                          • 13.35.116.32
                                                          Filezillawin_94199_patched.exeGet hashmaliciousUnknownBrowse
                                                          • 13.35.116.110
                                                          SysrI6zSkJ.exeGet hashmaliciousRedLineBrowse
                                                          • 18.173.219.85
                                                          SysrI6zSkJ.exeGet hashmaliciousRedLineBrowse
                                                          • 18.173.219.36
                                                          https://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                          • 13.33.82.105
                                                          https://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                          • 13.33.82.26
                                                          https://nab-support.com/LiveChat.exeGet hashmaliciousUnknownBrowse
                                                          • 13.224.14.115
                                                          https://bendigo-desk.com/Get hashmaliciousUnknownBrowse
                                                          • 18.154.144.27
                                                          boot.net.anydesk.comhttps://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                          • 185.229.191.39
                                                          http://116.0.56.101:9191/images/Distribution.exeGet hashmaliciousUnknownBrowse
                                                          • 49.12.130.235
                                                          SysrI6zSkJ.exeGet hashmaliciousRedLineBrowse
                                                          • 37.59.29.33
                                                          SysrI6zSkJ.exeGet hashmaliciousRedLineBrowse
                                                          • 185.229.191.44
                                                          AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                          • 141.95.145.210
                                                          AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                          • 92.223.88.232
                                                          http://sub.nabprotect-livechat.com/Get hashmaliciousUnknownBrowse
                                                          • 185.229.191.39
                                                          https://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                          • 141.95.145.210
                                                          https://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                          • 57.128.101.74
                                                          https://nab-support.com/LiveChat.exeGet hashmaliciousUnknownBrowse
                                                          • 185.229.191.44

                                                          ASNs

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          DFNVereinzurFoerderungeinesDeutschenForschungsnetzesehttp://sallywilliamson.comGet hashmaliciousUnknownBrowse
                                                          • 141.95.33.120
                                                          hCNsvwoPS6.elfGet hashmaliciousUnknownBrowse
                                                          • 139.21.35.55
                                                          dn7MMSZM9O.elfGet hashmaliciousUnknownBrowse
                                                          • 139.23.131.0
                                                          https://fix-walletconnect.pages.dev/walletGet hashmaliciousUnknownBrowse
                                                          • 141.95.171.142
                                                          http://kocin-logixnlkcz.godaddysites.com/Get hashmaliciousUnknownBrowse
                                                          • 141.94.171.212
                                                          http://jaz.wxk.mybluehost.me/ch/104c5Get hashmaliciousUnknownBrowse
                                                          • 141.95.171.142
                                                          http://jaz.wxk.mybluehost.me/ch/e4ab7Get hashmaliciousUnknownBrowse
                                                          • 141.95.171.141
                                                          http://jaz.wxk.mybluehost.me/ch/e4ab7Get hashmaliciousUnknownBrowse
                                                          • 141.95.171.141
                                                          e2V8h6PN2L.elfGet hashmaliciousUnknownBrowse
                                                          • 139.22.26.119
                                                          xfO72LuQ7K.elfGet hashmaliciousUnknownBrowse
                                                          • 149.205.31.247
                                                          ATGS-MMD-ASUShttps://cs-server-s2s.yellowblue.io/sync-iframeGet hashmaliciousUnknownBrowse
                                                          • 34.36.216.150
                                                          https://internal--alert-teamapp-site.ipns.dweb.link/#YW1hbmRhLm1vcnJpc29uQG9uZWFtZXJpY2EuY29tGet hashmaliciousHTMLPhisherBrowse
                                                          • 34.32.135.56
                                                          Payment invoice.exeGet hashmaliciousFormBookBrowse
                                                          • 34.149.87.45
                                                          http://sallywilliamson.comGet hashmaliciousUnknownBrowse
                                                          • 34.36.216.150
                                                          hCNsvwoPS6.elfGet hashmaliciousUnknownBrowse
                                                          • 57.62.27.73
                                                          qwmLv2FcgD.elfGet hashmaliciousUnknownBrowse
                                                          • 34.176.183.104
                                                          http://sallywilliamson.com/Get hashmaliciousUnknownBrowse
                                                          • 34.36.213.229
                                                          https://fix-walletconnect.pages.dev/walletGet hashmaliciousUnknownBrowse
                                                          • 34.36.216.150
                                                          http://lasvocaux.wixsite.com/vocaleacceilGet hashmaliciousUnknownBrowse
                                                          • 34.49.229.81
                                                          41q1oGpbEVt.exeGet hashmaliciousUnknownBrowse
                                                          • 34.160.144.191
                                                          AMAZON-02UShttps://cs-server-s2s.yellowblue.io/sync-iframeGet hashmaliciousUnknownBrowse
                                                          • 54.195.106.144
                                                          https://www.google.com.bh/url?hl=en&q=https://www.google.com.bh/url?hl%3Den%26q%3Dhttp://www.google.com/amp/www.google.com/amp/www.google.com/amp/%252574%252569%25256E%252579%252575%252572%25256C%25252E%252563%25256F%25256D%25252F%25256D%252576%252574%252575%252575%252566%252537%252533%26source%3Dgmail%26ust%3D1716286979743000%26usg%3DAOvVaw0kIG15Hao_4RLWdhQSbrTj&source=gmail&ust=1716287016979000&usg=AOvVaw2OvZXU7t2_QCy0TjxskKGnGet hashmaliciousUnknownBrowse
                                                          • 18.245.253.27
                                                          https://rstgmbh-rstsrl.start.pageGet hashmaliciousHTMLPhisherBrowse
                                                          • 52.217.97.172
                                                          http://adsbymediavine.comGet hashmaliciousUnknownBrowse
                                                          • 52.222.149.102
                                                          https://www.sign-doc.com/XNHBmVkl2Nm5FWHNCSFgzUlpNaTRBQ1UrRWNwZU93aTcrK1J6cFBwUGVMTDRqc252ZFFhZHNsMWZieE9PZmN6YUYzVzhqWWI0R1ZheldoS2FuYXFVTkhpd1BldnB4OHcwZGZzUlQ1UE9JSDRXTWtNbjUvQUx3RFBQMVowRjQ4TWZhOS9WV1VzUHlIRnErVWtpR1lKcEdtQy9JTGt2ck1wZHpoLzhVb0owOThrOXZMcXlMMjVNZE5YRCtuRm52U0JTTkNPV0NnPT0tLSs2a0h3RllhaGNPTGs3ZHotLVY4SE1WRkErbUhsZU9lUnJPbjlCT1E9PQ==?cid=242919939Get hashmaliciousUnknownBrowse
                                                          • 54.231.129.224
                                                          https://p538.tumenum.com/4568/Get hashmaliciousHTMLPhisherBrowse
                                                          • 18.245.31.89
                                                          https://digiturk.accesssbankplc.com/yavuz.zaman19f9czsddreot020742423308810547988354vrnfdeacfivud16a8932fc85a5dd67c16875a041d3e2GS7W8BBDMSEN5K1ZWYC7RP93TZVdGMmRYb3VlbUZ0WVc1QVpHbG5hWFIxY21zdVkyOXRMblJ5fess19f9czsddreot020742423308810547988354vrnfdeacfivud16a8932fc85a5dd67c16875a041d3e220742423308810547988354vrnfdeacfivud16a8932fc85a5dd67c16875a041d3e2GS7W8BBDMSEN5K1ZWYC7RP93TZVdGMmRYb3VlbUZ0WVc1QVpHbG5hWFIxY21zdVkyOXRMblJ5GS7W8BBDMSEN5K1ZWYC7RP93TZVdGMmRYb3VlbUZ0WVc1QVpHbG5hWFIxY21zdVkyOXRMblJ5?19f9czsddreot020742423308810547988354vrnfdeacfivud16a8932fc85a5dd67c16875a041d3e2GS7W8BBDMSEN5K1ZWYC7RP93TZVdGMmRYb3VlbUZ0WVc1QVpHbG5hWFIxY21zdVkyOXRMblJ5=19f9czsddreot020742423308810547988354vrnfdeacfivud16a8932fc85a5dd67c16875a041d3e2GS7W8BBDMSEN5K1ZWYC7RP93TZVdGMmRYb3VlbUZ0WVc1QVpHbG5hWFIxY21zdVkyOXRMblJ520742423308810547988354vrnfdeacfivud16a8932fc85a5dd67c16875a041d3e2GS7W8BBDMSEN5K1ZWYC7RP93TZVdGMmRYb3VlbUZ0WVc1QVpHbG5hWFIxY21zdVkyOXRMblJ5#ZVdGMmRYb3VlbUZ0WVc1QVpHbG5hWFIxY21zdVkyOXRMblJ5Get hashmaliciousHTMLPhisherBrowse
                                                          • 13.33.187.4
                                                          http://www.amera.co.ukGet hashmaliciousUnknownBrowse
                                                          • 3.253.250.90
                                                          https://internal--alert-teamapp-site.ipns.dweb.link/#YW1hbmRhLm1vcnJpc29uQG9uZWFtZXJpY2EuY29tGet hashmaliciousHTMLPhisherBrowse
                                                          • 75.2.106.85
                                                          http://sallywilliamson.comGet hashmaliciousUnknownBrowse
                                                          • 18.202.122.123
                                                          CDN77GBhttps://fix-walletconnect.pages.dev/walletGet hashmaliciousUnknownBrowse
                                                          • 195.181.175.15
                                                          http://bafybeic2dcyunteju5lcniglmedsfh6rcjmlu3xtzvo2ykeyuj3wcano7a.ipfs.dweb.link/Get hashmaliciousUnknownBrowse
                                                          • 185.93.3.244
                                                          http://cf-ipfs.com/ipfs/Qmb8ZxH6YcdjvixfVo3yE3hHm5CNzVAQFSfFDavjywVtYk/gttrindeed.htmlGet hashmaliciousUnknownBrowse
                                                          • 185.93.1.246
                                                          http://shahnawazhussain1122.github.io/helloGet hashmaliciousUnknownBrowse
                                                          • 212.102.56.181
                                                          http://siddiquimehvish07.github.io/netflix.github.ioGet hashmaliciousUnknownBrowse
                                                          • 185.93.1.246
                                                          http://actioncompactionservices.comGet hashmaliciousUnknownBrowse
                                                          • 185.93.1.251
                                                          http://cdn.camvenue.liveGet hashmaliciousUnknownBrowse
                                                          • 195.181.175.40
                                                          https://fatodex.b-cdn.net/fatodexGet hashmaliciousUnknownBrowse
                                                          • 89.187.169.3
                                                          https://www.jbmarkets.com/Get hashmaliciousUnknownBrowse
                                                          • 195.181.163.203
                                                          https://bencrump.comGet hashmaliciousUnknownBrowse
                                                          • 89.187.173.23
                                                          CDN77GBhttps://fix-walletconnect.pages.dev/walletGet hashmaliciousUnknownBrowse
                                                          • 195.181.175.15
                                                          http://bafybeic2dcyunteju5lcniglmedsfh6rcjmlu3xtzvo2ykeyuj3wcano7a.ipfs.dweb.link/Get hashmaliciousUnknownBrowse
                                                          • 185.93.3.244
                                                          http://cf-ipfs.com/ipfs/Qmb8ZxH6YcdjvixfVo3yE3hHm5CNzVAQFSfFDavjywVtYk/gttrindeed.htmlGet hashmaliciousUnknownBrowse
                                                          • 185.93.1.246
                                                          http://shahnawazhussain1122.github.io/helloGet hashmaliciousUnknownBrowse
                                                          • 212.102.56.181
                                                          http://siddiquimehvish07.github.io/netflix.github.ioGet hashmaliciousUnknownBrowse
                                                          • 185.93.1.246
                                                          http://actioncompactionservices.comGet hashmaliciousUnknownBrowse
                                                          • 185.93.1.251
                                                          http://cdn.camvenue.liveGet hashmaliciousUnknownBrowse
                                                          • 195.181.175.40
                                                          https://fatodex.b-cdn.net/fatodexGet hashmaliciousUnknownBrowse
                                                          • 89.187.169.3
                                                          https://www.jbmarkets.com/Get hashmaliciousUnknownBrowse
                                                          • 195.181.163.203
                                                          https://bencrump.comGet hashmaliciousUnknownBrowse
                                                          • 89.187.173.23

                                                          JA3 Fingerprints

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          c91bde19008eefabce276152ccd51457SysrI6zSkJ.exeGet hashmaliciousRedLineBrowse
                                                          • 57.129.19.1
                                                          • 89.187.179.132
                                                          SysrI6zSkJ.exeGet hashmaliciousRedLineBrowse
                                                          • 57.129.19.1
                                                          • 89.187.179.132
                                                          AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                          • 57.129.19.1
                                                          • 89.187.179.132
                                                          AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                          • 57.129.19.1
                                                          • 89.187.179.132
                                                          http://sub.nabprotect-livechat.com/Get hashmaliciousUnknownBrowse
                                                          • 57.129.19.1
                                                          • 89.187.179.132
                                                          https://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                          • 57.129.19.1
                                                          • 89.187.179.132
                                                          https://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                          • 57.129.19.1
                                                          • 89.187.179.132
                                                          https://nab-support.com/LiveChat.exeGet hashmaliciousUnknownBrowse
                                                          • 57.129.19.1
                                                          • 89.187.179.132
                                                          https://bendigo-desk.com/Get hashmaliciousUnknownBrowse
                                                          • 57.129.19.1
                                                          • 89.187.179.132
                                                          https://bendigo-desk.com/Get hashmaliciousUnknownBrowse
                                                          • 57.129.19.1
                                                          • 89.187.179.132

                                                          Dropped Files

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          C:\Users\user\AppData\Local\Temp\gcapi.dllhttps://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                            SysrI6zSkJ.exeGet hashmaliciousRedLineBrowse
                                                              SysrI6zSkJ.exeGet hashmaliciousRedLineBrowse
                                                                https://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                  https://nab-support.com/LiveChat.exeGet hashmaliciousUnknownBrowse
                                                                    Project.lnkGet hashmaliciousUnknownBrowse
                                                                      LiveChat.exeGet hashmaliciousUnknownBrowse
                                                                        LiveChat.exeGet hashmaliciousUnknownBrowse
                                                                          AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                            AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                              C:\Users\user\Desktop\gcapi.dllhttps://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                SysrI6zSkJ.exeGet hashmaliciousRedLineBrowse
                                                                                  SysrI6zSkJ.exeGet hashmaliciousRedLineBrowse
                                                                                    https://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                      https://nab-support.com/LiveChat.exeGet hashmaliciousUnknownBrowse
                                                                                        Project.lnkGet hashmaliciousUnknownBrowse
                                                                                          LiveChat.exeGet hashmaliciousUnknownBrowse
                                                                                            LiveChat.exeGet hashmaliciousUnknownBrowse
                                                                                              AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                AnyDesk.exeGet hashmaliciousUnknownBrowse

                                                                                                  Created / dropped Files

                                                                                                  C:\Users\user\AppData\Local\Temp\gcapi.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\user\Desktop\f_0002b5.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):394240
                                                                                                  Entropy (8bit):6.700175464943679
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:Tv/ioKdMF+LZD/ZRj1vwWrrUFMNoz4pFGxjEB1NYAOrabN2GZvFcD7:Td+LZrNwWrrwMNoz4vG1OYZabtK7
                                                                                                  MD5:1CE7D5A1566C8C449D0F6772A8C27900
                                                                                                  SHA1:60854185F6338E1BFC7497FD41AA44C5C00D8F85
                                                                                                  SHA-256:73170761D6776C0DEBACFBBC61B6988CB8270A20174BF5C049768A264BB8FFAF
                                                                                                  SHA-512:7E3411BE8614170AE91DB1626C452997DC6DB663D79130872A124AF982EE1D457CEFBA00ABD7F5269ADCE3052403BE31238AECC3934C7379D224CB792D519753
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Joe Sandbox View:
                                                                                                  • Filename: , Detection: malicious, Browse
                                                                                                  • Filename: SysrI6zSkJ.exe, Detection: malicious, Browse
                                                                                                  • Filename: SysrI6zSkJ.exe, Detection: malicious, Browse
                                                                                                  • Filename: , Detection: malicious, Browse
                                                                                                  • Filename: , Detection: malicious, Browse
                                                                                                  • Filename: Project.lnk, Detection: malicious, Browse
                                                                                                  • Filename: LiveChat.exe, Detection: malicious, Browse
                                                                                                  • Filename: LiveChat.exe, Detection: malicious, Browse
                                                                                                  • Filename: AnyDesk.exe, Detection: malicious, Browse
                                                                                                  • Filename: AnyDesk.exe, Detection: malicious, Browse
                                                                                                  Reputation:moderate, very likely benign file
                                                                                                  Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$........q.hB..;B..;B..;.I.:@..;...;W..;...;...;...;b..;.#;@..;!M.:U..;!M.:c..;!M.:u..;...;@..;,M.:...;...;Y..;B..;~..;,M.:e..;,M.:C..;,M.;C..;B.s;C..;,M.:C..;RichB..;........................PE..L......W.........."!................:.....................................................@.........................p................0.......................@..h2......8...........................p...@.......................@....................text...y........................... ..`.rdata...-..........................@..@.data...H5..........................@....gfids..(...........................@..@.tls......... ......................@....rsrc........0......................@..@.reloc..h2...@...4..................@..B................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Roaming\AnyDesk\ad.trace

                                                                                                  Download File
                                                                                                  Process:C:\Users\user\Desktop\f_0002b5.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:modified
                                                                                                  Size (bytes):33003
                                                                                                  Entropy (8bit):4.38225894157803
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:7zZxPidQqtZ4MSSAPPUAzsN8TZw0BYcGZsdTCM:7zZBiOa6pUeAaY3ZeCM
                                                                                                  MD5:B06AA039C029786A18A807D200EA06E1
                                                                                                  SHA1:15B99DC1154FB5259B96F2EB2BC9AB5DA3462275
                                                                                                  SHA-256:CC99CCC5C387693D0D888C303304F5ACBFA2EA89768E9EBF1EB24289637E55D2
                                                                                                  SHA-512:29B452B7C38BC43D3FD2CCF1D95592BCEEB511BDC9D20EA1B83711C9FF97F98EB06EF77C6EEBDFAAA965C3AC1CC8BBFEA98160D14A36160F9C32C24EB559BDBA
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Preview: * * * * * * * * * * * * * * * * * *.. info 2024-05-22 14:44:19.948 front 2708 2860 main - * AnyDesk Windows Startup *.. info 2024-05-22 14:44:19.948 front 2708 2860 main - * Version 8.0.10 (release/win_8.0.10 8941b379f03505960bfba86d51b033e4f12eac4a).. info 2024-05-22 14:44:19.948 front 2708 2860 main - * Checksum 88978f95220cea3e5cd714ad3d984e5d.. info 2024-05-22 14:44:19.948 front 2708 2860 main - * Build 20240424145318.. info 2024-05-22 14:44:19.948 front 2708 2860 main - * Copyright (C) 2024 AnyDesk Software GmbH *.. info 2024-05-22 14:44:19.948 front 2708 2860 main - .. info 2024-05-22 14:44:19.948 front 2708 2860 main - Command Line params: "C:\Users\user\Desktop\f_0002b5.exe

                                                                                                  C:\Users\user\AppData\Roaming\AnyDesk\service.conf

                                                                                                  Download File
                                                                                                  Process:C:\Users\user\Desktop\f_0002b5.exe
                                                                                                  File Type:ASCII text, with very long lines (1751)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2970
                                                                                                  Entropy (8bit):6.029651227476192
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:uISTu1XWiJbloPAbej6quZOmSlrn1ObTYTZKHqBOpXZuBMjT/TRs7ENW/HrYvLYc:uISTziJbaPAbeezZOllrngb0KK2XZuBE
                                                                                                  MD5:2FF63767F45F8134F694C598C700A58F
                                                                                                  SHA1:2332AB2F1A8B82145A44F97DCB5D7A469CB0A517
                                                                                                  SHA-256:1E2A31545AB42AA3CD8FD892EC9C198BA22B8E809CA24076E77A1F90431D522F
                                                                                                  SHA-512:418A3F94C176F0A0C5AC9E850CEEE65EBDB1467E65661FD891D831784E2020EF82DE5EBAFDE72540EB1526E1273BBD709272FF5558C0D7FCFFEE6F696976752A
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Preview:ad.anynet.cert=-----BEGIN CERTIFICATE-----\nMIICqDCCAZACAQEwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UEAwwOQW55RGVzayBD\nbGllbnQwIBcNMjQwNTIyMTQ0NDIzWhgPMjA3NDA1MTAxNDQ0MjNaMBkxFzAVBgNV\nBAMMDkFueURlc2sgQ2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEAxxKwJQFrDwzItydbpNwEnnMa2lMdTElXcN9DRtREmJw331QafIgll+mzI4Si\nerVk12JmXLraU2wpJtJ2LoUci9BtNQ0RGOZnoFtuyFQXDKrTqfd654Uj8EnTqBrI\nN3TkoCa/WmCuxj9VSZpLn+HQwG5Xy4mlFvzLZQHtVsO1m39r/JPNIoR3fxYWtBU+\ntH9/AuceI2dIC/5vCa4NQG1LYe93QvVuhb8gd6M2gJ79lj5sXtuGoWfrCpD0BSMd\nFbb7xZb8YC3ikDB8l0SSwPZOWv0y6Nzkt1BL4Selgp5vJuR8uEw9o5WJ42UUtZpd\nwhBKuIbSZprcHFjmcS742IA1MQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAtjjlx\nj1x2YrtFVInGFft+zPKnesuK4jN1akcfIYJyk+KE+/kwGx2ibxnydACjLC6tBUdc\npHe0ntcXF/gKblSmGJZ0tiD3WKxsCkHO7Z36D0K977lPuWD1M7oxPa/rwJ5LBO6s\nbsV1M1b3IG+xS5N+YW70XtoPK5emeUvpSy14YeDlCbgVy+rKOlRGW0TyzQH4dIQ6\nZslyn+cCdFjlDCF9rFsY+ZYV3SwSYpY3ejKZPOaPBVwdgZ+ghvIh+44FZquHJuZa\noymRz7Up6NlR5cniBDlom23Jnp0B1Yez3WI3e3vlHizVbXxoc/n9Dpp2t5S8O/Hx\nG2tZM1mOUaCjR0S8\n-----END CERTI

                                                                                                  C:\Users\user\AppData\Roaming\AnyDesk\system.conf

                                                                                                  Download File
                                                                                                  Process:C:\Users\user\Desktop\f_0002b5.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):765
                                                                                                  Entropy (8bit):4.79471028315015
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:oizivCZ5sRmiBs7hPj7lNqQHvWhQCVp4LroBGgFBGt:h/OmiBsNPj5sAwtVp4LtBt
                                                                                                  MD5:4A3D241792CFD5631B44E845B0E61FD0
                                                                                                  SHA1:88B7662F3E0EF8C612555004F26348ABC38E67CB
                                                                                                  SHA-256:917281318247EC3201B3157EA2E68A1AD2AE043F68D746D0054C44D8E8CAE54D
                                                                                                  SHA-512:F37839A93CC32A1BC8E15AE24C9BED39FE40F27E1044E209D59758C37983CCDA1E8E30CB797B9D85D08BAB95C650411DA0C4BE89AA673812BC8FB42BB66AD42A
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Preview:ad.anynet.alias=.ad.anynet.client_stats_hash=1db0f4dd672e1fbc9c4f63fb973663e205f8937c.ad.anynet.cur_version=34359738378.ad.anynet.fpr=ed7ef28799029ddf7fc74d2e340fcd1d11b5a832.ad.anynet.id=1457003865.ad.anynet.last_relay=relay-0b975d23.net.anydesk.com:80:443:6568.ad.anynet.network_hash=2c7235e7e2e5cff92300cca3448da213ac1b5575.ad.anynet.network_id=main.ad.anynet.relay.fatal_result=1.0.ad.anynet.relay.state=2.ad.license.expiry=0.ad.license.name=free-1.ad.security.frontend_clipboard=1.ad.security.frontend_clipboard_files=1.ad.security.frontend_clipboard_version=1.ad.security.permission_profiles._default.permissions.sas=1.ad.security.permission_profiles._unattended_access.permissions.sas=1.ad.security.permission_profiles.version=1.ad.security.update_version=1.

                                                                                                  C:\Users\user\AppData\Roaming\AnyDesk\user.conf

                                                                                                  Download File
                                                                                                  Process:C:\Users\user\Desktop\f_0002b5.exe
                                                                                                  File Type:ASCII text, with very long lines (3261)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6149
                                                                                                  Entropy (8bit):4.438314363063199
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:2fdfGmxnnKBjPtC1n9LOyIRxfzBapbSYWuRJ59liCmg3TzoLUyGVR:wUmgBjQaVRBtcxJbxP3AAVR
                                                                                                  MD5:936614B8905441498776A74AAE00ECDC
                                                                                                  SHA1:CFEC5CA8EC2AE9425F8211E8AD1EE9033D0EC286
                                                                                                  SHA-256:36B43C7D58A02DBA49FB4A84CC5AAB095D1F844B06743F9FE7899E0CB64A4350
                                                                                                  SHA-512:5C2526B705D78ADDD2161EFCA65C49DB8F7191E911F8ED0C58F4C72AD72AF3434A20D71C98658AD5081A72FB4281BC2D758725A521786E1DD8C7C3ED82289C73
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Preview:ad.account.info=6fa74c609a01f31f1f670668df954f4642a4aae8018a18da3673865f0dae48fd9e0790cdb804a0450ff648310f1fa2df0b53d2e90e4e008262013ecaea92319e6c167af32345c4295b0f65789f748d9b8f768f2f5dcb52cb94986198fad5c27374ab0862b47b212f41cf5778b89c609a3f3e3259dac82913a28a87a3857d79cc15cec4917776a88c2e5c626150e76470f0d9dcc4abf315e6e674db2905fa8670a36f4818ed989a19ac20f52105ab32e402e811cc97f06f84b8eb87e226e6a8e61e37eadeb6a0a0c50e452e6a08c78d926df98651f5f5cacc1c396eb5b7190a3c7ada2eb266beac7fd3b9977f4c72b35c7695e7dd8a55.ad.general.online_status.remote_client=1.ad.invite.created_list_encrypted=6fa74c609a01f31f1f670668df954f4642a4aae8018a18dab7235571d4ad6afca7e492b3e8d846af0bf648310f1fa2df0b53d2e90e4e008262013ecaea92eebc7c8fb77f5cb15da8020e6c9acfedfc4a408afeecf4863a8396741b20baf2c27374ab0862b47b212f41cf5778b89c0eb34dba83afdee150ce5fbdecc587731b824350d2bbad9bcd01583c1c223f3b5470f0d99dea22489b5e432ade05d8a76c1c5723806804e93578b7d306f8f056a51b877357df5cdf0ec0cf86e98db9571382a7c49524cd9a0fa75a63652a30c4f41b8

                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms (copy)

                                                                                                  Download File
                                                                                                  Process:C:\Users\user\Desktop\f_0002b5.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3066
                                                                                                  Entropy (8bit):2.9636997799929388
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:C9xaPb/vupegiY3LqCMAqkTFivO+6Rxcf9y556A8l8Tdzy/TdzVxmb/vupegiY3v:OS0fmHO+7Wokk7nS0mnLO+rjDkk7c
                                                                                                  MD5:3FF4E6F9218194E40428F4652B3A8254
                                                                                                  SHA1:83ECB0A1C5F84D59EE2D517CC03A73B0DFC05E2C
                                                                                                  SHA-256:4E809345ED1A2B45DDA44DEF9B217097C787A6FD9FF90B47F2E4B513C5DBD121
                                                                                                  SHA-512:EC5F60FE9A48272E3BF1A495EC65EE4BB2F3D2F09C1CBA90D53BD14FCDEFA7BB7E91CD3BA61A550BBC898854084650C9C71971DF74A07DC8CFA180203C595503
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Preview:...................................FL..................F.@ . ...p.S.V...p.S.V....n.V...HMQ.....................d.b.2.HMQ..X.u .f_0002b5.exe..F......X.u.X.u*.........................f._.0.0.0.2.b.5...e.x.e.......v...............-...8...[...........-..l.....C:\Users\..#...................\\468325\Users.user\Desktop\f_0002b5.exe...O.p.e.n. .a. .n.e.w. .A.n.y.D.e.s.k. .w.i.n.d.o.w...#.C.:.\.U.s.e.r.s.\.A.l.b.u.s.\.D.e.s.k.t.o.p.\.f._.0.0.0.2.b.5...e.x.e.........%USERPROFILE%\Desktop\f_0002b5.exe..................................................................................................................................................................................................................................%.U.S.E.R.P.R.O.F.I.L.E.%.\.D.e.s.k.t.o.p.\.f._.0.0.0.2.b.5...e.x.e...............................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\89UIT8L8NJXHATCK2VYI.temp

                                                                                                  Download File
                                                                                                  Process:C:\Users\user\Desktop\f_0002b5.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3066
                                                                                                  Entropy (8bit):2.9636997799929388
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:C9xaPb/vupegiY3LqCMAqkTFivO+6Rxcf9y556A8l8Tdzy/TdzVxmb/vupegiY3v:OS0fmHO+7Wokk7nS0mnLO+rjDkk7c
                                                                                                  MD5:3FF4E6F9218194E40428F4652B3A8254
                                                                                                  SHA1:83ECB0A1C5F84D59EE2D517CC03A73B0DFC05E2C
                                                                                                  SHA-256:4E809345ED1A2B45DDA44DEF9B217097C787A6FD9FF90B47F2E4B513C5DBD121
                                                                                                  SHA-512:EC5F60FE9A48272E3BF1A495EC65EE4BB2F3D2F09C1CBA90D53BD14FCDEFA7BB7E91CD3BA61A550BBC898854084650C9C71971DF74A07DC8CFA180203C595503
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Preview:...................................FL..................F.@ . ...p.S.V...p.S.V....n.V...HMQ.....................d.b.2.HMQ..X.u .f_0002b5.exe..F......X.u.X.u*.........................f._.0.0.0.2.b.5...e.x.e.......v...............-...8...[...........-..l.....C:\Users\..#...................\\468325\Users.user\Desktop\f_0002b5.exe...O.p.e.n. .a. .n.e.w. .A.n.y.D.e.s.k. .w.i.n.d.o.w...#.C.:.\.U.s.e.r.s.\.A.l.b.u.s.\.D.e.s.k.t.o.p.\.f._.0.0.0.2.b.5...e.x.e.........%USERPROFILE%\Desktop\f_0002b5.exe..................................................................................................................................................................................................................................%.U.S.E.R.P.R.O.F.I.L.E.%.\.D.e.s.k.t.o.p.\.f._.0.0.0.2.b.5...e.x.e...............................................................................................................................................................................................................

                                                                                                  C:\Users\user\Desktop\gcapi.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\user\Desktop\f_0002b5.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:modified
                                                                                                  Size (bytes):394240
                                                                                                  Entropy (8bit):6.700175464943679
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:Tv/ioKdMF+LZD/ZRj1vwWrrUFMNoz4pFGxjEB1NYAOrabN2GZvFcD7:Td+LZrNwWrrwMNoz4vG1OYZabtK7
                                                                                                  MD5:1CE7D5A1566C8C449D0F6772A8C27900
                                                                                                  SHA1:60854185F6338E1BFC7497FD41AA44C5C00D8F85
                                                                                                  SHA-256:73170761D6776C0DEBACFBBC61B6988CB8270A20174BF5C049768A264BB8FFAF
                                                                                                  SHA-512:7E3411BE8614170AE91DB1626C452997DC6DB663D79130872A124AF982EE1D457CEFBA00ABD7F5269ADCE3052403BE31238AECC3934C7379D224CB792D519753
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Joe Sandbox View:
                                                                                                  • Filename: , Detection: malicious, Browse
                                                                                                  • Filename: SysrI6zSkJ.exe, Detection: malicious, Browse
                                                                                                  • Filename: SysrI6zSkJ.exe, Detection: malicious, Browse
                                                                                                  • Filename: , Detection: malicious, Browse
                                                                                                  • Filename: , Detection: malicious, Browse
                                                                                                  • Filename: Project.lnk, Detection: malicious, Browse
                                                                                                  • Filename: LiveChat.exe, Detection: malicious, Browse
                                                                                                  • Filename: LiveChat.exe, Detection: malicious, Browse
                                                                                                  • Filename: AnyDesk.exe, Detection: malicious, Browse
                                                                                                  • Filename: AnyDesk.exe, Detection: malicious, Browse
                                                                                                  Reputation:moderate, very likely benign file
                                                                                                  Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$........q.hB..;B..;B..;.I.:@..;...;W..;...;...;...;b..;.#;@..;!M.:U..;!M.:c..;!M.:u..;...;@..;,M.:...;...;Y..;B..;~..;,M.:e..;,M.:C..;,M.;C..;B.s;C..;,M.:C..;RichB..;........................PE..L......W.........."!................:.....................................................@.........................p................0.......................@..h2......8...........................p...@.......................@....................text...y........................... ..`.rdata...-..........................@..@.data...H5..........................@....gfids..(...........................@..@.tls......... ......................@....rsrc........0......................@..@.reloc..h2...@...4..................@..B................................................................................................................................................................

                                                                                                  Static File Info

                                                                                                  General

                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Entropy (8bit):7.999484622672807
                                                                                                  TrID:
                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                  File name:f_0002b5.exe
                                                                                                  File size:5'328'200 bytes
                                                                                                  MD5:aee6801792d67607f228be8cec8291f9
                                                                                                  SHA1:bf6ba727ff14ca2fddf619f292d56db9d9088066
                                                                                                  SHA256:1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
                                                                                                  SHA512:09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f
                                                                                                  SSDEEP:98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR
                                                                                                  TLSH:5036333493648B79CCA3013002D5E6792B7EBC8A4DD789987D63E968F7DF6023F96211
                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........h.}.;.}.;.}.;..";.}.;..#;.}.;...;.}.;...;.}.;Rich.}.;........................PE..L.....)f.........."......*....P..X#........

                                                                                                  File Icon

                                                                                                  Icon Hash:499669d8d82916a8

                                                                                                  Static PE Info

                                                                                                  General

                                                                                                  Entrypoint:0x401ce5
                                                                                                  Entrypoint Section:.text
                                                                                                  Digitally signed:true
                                                                                                  Imagebase:0x400000
                                                                                                  Subsystem:windows gui
                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                  Time Stamp:0x662900C3 [Wed Apr 24 12:53:23 2024 UTC]
                                                                                                  TLS Callbacks:
                                                                                                  CLR (.Net) Version:
                                                                                                  OS Version Major:5
                                                                                                  OS Version Minor:1
                                                                                                  File Version Major:5
                                                                                                  File Version Minor:1
                                                                                                  Subsystem Version Major:5
                                                                                                  Subsystem Version Minor:1
                                                                                                  Import Hash:

                                                                                                  Authenticode Signature

                                                                                                  Signature Valid:true
                                                                                                  Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                  Signature Validation Error:The operation completed successfully
                                                                                                  Error Number:0
                                                                                                  Not Before, Not After
                                                                                                  • 2/11/2024 7:00:00 PM 2/12/2025 6:59:59 PM
                                                                                                  Subject Chain
                                                                                                  • CN=AnyDesk Software GmbH, O=AnyDesk Software GmbH, L=Stuttgart, S=Baden-W\xfcrttemberg, C=DE
                                                                                                  Version:3
                                                                                                  Thumbprint MD5:E4E34304F4315A15A0BC0E413363721E
                                                                                                  Thumbprint SHA-1:CA38CF219C8E9782A8CBBD76643D24E4F2D74B03
                                                                                                  Thumbprint SHA-256:AF74DC88EF91477F8A93E5DA98B3C80ECD6CB6A10271DC6DC768EC3F34239BC0
                                                                                                  Serial:030E330A8ED28347BDA3BB478E410D7C

                                                                                                  Entrypoint Preview

                                                                                                  Instruction
                                                                                                  push ebp
                                                                                                  mov ebp, esp
                                                                                                  sub esp, 64h
                                                                                                  push esi
                                                                                                  lea ecx, dword ptr [ebp-64h]
                                                                                                  call 00007F122CC01293h
                                                                                                  lea eax, dword ptr [ebp-64h]
                                                                                                  mov ecx, eax
                                                                                                  mov dword ptr [01B42AE0h], eax
                                                                                                  call 00007F122CC01151h
                                                                                                  test al, al
                                                                                                  jne 00007F122CC018B4h
                                                                                                  mov esi, 000003E8h
                                                                                                  lea ecx, dword ptr [ebp-64h]
                                                                                                  call 00007F122CC0113Fh
                                                                                                  mov eax, esi
                                                                                                  pop esi
                                                                                                  leave
                                                                                                  ret
                                                                                                  lea eax, dword ptr [ebp-64h]
                                                                                                  push eax
                                                                                                  lea ecx, dword ptr [ebp-30h]
                                                                                                  call 00007F122CC00F73h
                                                                                                  lea eax, dword ptr [ebp-30h]
                                                                                                  mov ecx, eax
                                                                                                  mov dword ptr [01B42AE4h], eax
                                                                                                  call 00007F122CC00F0Bh
                                                                                                  test al, al
                                                                                                  jne 00007F122CC018B1h
                                                                                                  lea ecx, dword ptr [ebp-30h]
                                                                                                  call 00007F122CC00EF0h
                                                                                                  mov esi, 000003E9h
                                                                                                  jmp 00007F122CC01867h
                                                                                                  cmp dword ptr [ebp-10h], 00000000h
                                                                                                  je 00007F122CC018AAh
                                                                                                  push 00000800h
                                                                                                  call dword ptr [ebp-10h]
                                                                                                  cmp dword ptr [ebp-0Ch], 00000000h
                                                                                                  je 00007F122CC018AAh
                                                                                                  push 00008001h
                                                                                                  call dword ptr [ebp-0Ch]
                                                                                                  lea eax, dword ptr [ebp-64h]
                                                                                                  push eax
                                                                                                  lea esi, dword ptr [ebp-30h]
                                                                                                  call 00007F122CC017F5h
                                                                                                  pop ecx
                                                                                                  mov esi, eax
                                                                                                  push esi
                                                                                                  call dword ptr [ebp-20h]
                                                                                                  lea ecx, dword ptr [ebp-30h]
                                                                                                  call 00007F122CC00EB2h
                                                                                                  jmp 00007F122CC0182Eh
                                                                                                  mov edx, dword ptr [esp+04h]
                                                                                                  push ebx
                                                                                                  mov ebx, dword ptr [esp+10h]
                                                                                                  push esi
                                                                                                  xor esi, esi
                                                                                                  test ebx, ebx
                                                                                                  je 00007F122CC018D1h
                                                                                                  push edi
                                                                                                  mov edi, dword ptr [esp+14h]
                                                                                                  sub edi, 01B42AE8h
                                                                                                  imul edx, edx, 0019660Dh
                                                                                                  add edx, 3C6EF35Fh
                                                                                                  mov eax, edx
                                                                                                  shr eax, 0Ch

                                                                                                  Rich Headers

                                                                                                  Programming Language:
                                                                                                  • [C++] VS2010 build 30319
                                                                                                  • [ C ] VS2010 build 30319
                                                                                                  • [RES] VS2010 SP1 build 40219
                                                                                                  • [LNK] VS2010 build 30319

                                                                                                  Data Directories

                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x17430000x4850.rsrc
                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x50fc000x5148.itext
                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x17480000x8c.reloc
                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x123a0000x1c.rdata
                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                  Sections

                                                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                  .text0x10000x28770x2a006de7d38e79590f5072b2fa25c8a461dbFalse0.6000744047619048data6.559086341196753IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                  .itext0x40000x12358000x0d41d8cd98f00b204e9800998ecf8427eunknownunknownunknownunknownIMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                  .rdata0x123a0000x2fa0x400bf5eee8accfc7d0f37b5d97724325e98False0.7275390625Matlab v4 mat-file (little endian) \234\242#\001\2340, numeric, rows 1713963203, columns 0, imaginary5.663602401873528IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                  .data0x123b0000x507eec0x507c00da9e83e5e1d5baf1ccdace3aa4312eeeunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                  .rsrc0x17430000x48500x4a00e02f811023480bcb805c46d630c69e50False0.5122994087837838data6.017396108357361IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                  .reloc0x17480000x3000x400dff545c0291c6bb280bbfb0224bbecb4False0.15234375data1.2203722656529061IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                  Resources

                                                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                  RT_ICON0x17432800x1b8ePNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9167848029486816
                                                                                                  RT_ICON0x1744e100x668Device independent bitmap graphic, 48 x 96 x 4, image size 0EnglishUnited States0.299390243902439
                                                                                                  RT_ICON0x17454780x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishUnited States0.478494623655914
                                                                                                  RT_ICON0x17457600x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 0EnglishUnited States0.48155737704918034
                                                                                                  RT_ICON0x17459480x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishUnited States0.597972972972973
                                                                                                  RT_ICON0x1745ac00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.09404315196998124
                                                                                                  RT_ICON0x1746b680x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.2047872340425532
                                                                                                  RT_GROUP_ICON0x1745a700x4cdataEnglishUnited States0.8026315789473685
                                                                                                  RT_GROUP_ICON0x1746fd00x22dataEnglishUnited States1.0588235294117647
                                                                                                  RT_VERSION0x1746ff80x250dataEnglishUnited States0.4814189189189189
                                                                                                  RT_MANIFEST0x17472480x606XML 1.0 document, ASCII textEnglishUnited States0.45265888456549935

                                                                                                  Possible Origin

                                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                                  EnglishUnited States

                                                                                                  Network Behavior

                                                                                                  Network Port Distribution

                                                                                                  TCP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                  May 22, 2024 16:44:24.350137949 CEST49163443192.168.2.22195.181.174.167
                                                                                                  May 22, 2024 16:44:24.350168943 CEST44349163195.181.174.167192.168.2.22
                                                                                                  May 22, 2024 16:44:24.350223064 CEST49163443192.168.2.22195.181.174.167
                                                                                                  May 22, 2024 16:44:24.362235069 CEST49163443192.168.2.22195.181.174.167
                                                                                                  May 22, 2024 16:44:24.362287045 CEST44349163195.181.174.167192.168.2.22
                                                                                                  May 22, 2024 16:44:24.362344027 CEST49163443192.168.2.22195.181.174.167
                                                                                                  May 22, 2024 16:44:24.606241941 CEST4916480192.168.2.22141.95.145.210
                                                                                                  May 22, 2024 16:44:24.623667002 CEST8049164141.95.145.210192.168.2.22
                                                                                                  May 22, 2024 16:44:24.623766899 CEST4916480192.168.2.22141.95.145.210
                                                                                                  May 22, 2024 16:44:24.673504114 CEST4916480192.168.2.22141.95.145.210
                                                                                                  May 22, 2024 16:44:24.719083071 CEST8049164141.95.145.210192.168.2.22
                                                                                                  May 22, 2024 16:44:24.719194889 CEST4916480192.168.2.22141.95.145.210
                                                                                                  May 22, 2024 16:44:24.869182110 CEST491656568192.168.2.22195.181.174.167
                                                                                                  May 22, 2024 16:44:24.916184902 CEST656849165195.181.174.167192.168.2.22
                                                                                                  May 22, 2024 16:44:24.916306973 CEST491656568192.168.2.22195.181.174.167
                                                                                                  May 22, 2024 16:44:30.034749031 CEST49166443192.168.2.2257.129.19.1
                                                                                                  May 22, 2024 16:44:30.034774065 CEST4434916657.129.19.1192.168.2.22
                                                                                                  May 22, 2024 16:44:30.034816027 CEST49166443192.168.2.2257.129.19.1
                                                                                                  May 22, 2024 16:44:30.044011116 CEST49166443192.168.2.2257.129.19.1
                                                                                                  May 22, 2024 16:44:30.044034958 CEST4434916657.129.19.1192.168.2.22
                                                                                                  May 22, 2024 16:44:30.748809099 CEST4434916657.129.19.1192.168.2.22
                                                                                                  May 22, 2024 16:44:30.749130964 CEST49166443192.168.2.2257.129.19.1
                                                                                                  May 22, 2024 16:44:30.750186920 CEST49166443192.168.2.2257.129.19.1
                                                                                                  May 22, 2024 16:44:30.750199080 CEST4434916657.129.19.1192.168.2.22
                                                                                                  May 22, 2024 16:44:30.750468016 CEST4434916657.129.19.1192.168.2.22
                                                                                                  May 22, 2024 16:44:30.750595093 CEST49166443192.168.2.2257.129.19.1
                                                                                                  May 22, 2024 16:44:30.900213957 CEST49166443192.168.2.2257.129.19.1
                                                                                                  May 22, 2024 16:44:31.006505013 CEST4916780192.168.2.2257.128.101.74
                                                                                                  May 22, 2024 16:44:31.053428888 CEST804916757.128.101.74192.168.2.22
                                                                                                  May 22, 2024 16:44:31.054352045 CEST4916780192.168.2.2257.128.101.74
                                                                                                  May 22, 2024 16:44:31.063158989 CEST4916780192.168.2.2257.128.101.74
                                                                                                  May 22, 2024 16:44:31.107486963 CEST804916757.128.101.74192.168.2.22
                                                                                                  May 22, 2024 16:44:34.710155010 CEST804916757.128.101.74192.168.2.22
                                                                                                  May 22, 2024 16:44:34.852494001 CEST4916780192.168.2.2257.128.101.74
                                                                                                  May 22, 2024 16:44:34.865963936 CEST804916757.128.101.74192.168.2.22
                                                                                                  May 22, 2024 16:44:35.070635080 CEST804916757.128.101.74192.168.2.22
                                                                                                  May 22, 2024 16:44:35.126414061 CEST4916780192.168.2.2257.128.101.74
                                                                                                  May 22, 2024 16:44:35.187581062 CEST804916757.128.101.74192.168.2.22
                                                                                                  May 22, 2024 16:44:35.447813988 CEST804916757.128.101.74192.168.2.22
                                                                                                  May 22, 2024 16:44:35.566092968 CEST4916780192.168.2.2257.128.101.74
                                                                                                  May 22, 2024 16:44:35.577966928 CEST804916757.128.101.74192.168.2.22
                                                                                                  May 22, 2024 16:44:35.578094006 CEST4916780192.168.2.2257.128.101.74
                                                                                                  May 22, 2024 16:44:35.875741959 CEST49168443192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:35.875777006 CEST4434916889.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:35.875832081 CEST49168443192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:35.885994911 CEST49168443192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:35.886035919 CEST4434916889.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:36.377543926 CEST4434916889.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:36.377614021 CEST49168443192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:36.378346920 CEST49168443192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:36.378355980 CEST4434916889.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:36.378468990 CEST4434916889.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:36.378515005 CEST49168443192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:36.394484997 CEST49168443192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:36.426614046 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:36.479451895 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:36.479518890 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:36.485030890 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:36.523041964 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:36.960701942 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:36.970505953 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:36.985548019 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:37.117228031 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:37.214653969 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:37.214766979 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:37.215024948 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:37.275274038 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:37.527065992 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:37.607359886 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:37.607359886 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:37.607601881 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:37.617341042 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:37.617350101 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:37.622102022 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:37.855492115 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:37.980068922 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:37.980129957 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:38.056505919 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:38.227713108 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:38.238395929 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:38.251475096 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:38.251488924 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:38.491318941 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:38.491332054 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:38.491400003 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:38.515721083 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:38.539441109 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:38.585639954 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:38.586082935 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:38.599020958 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:38.727298021 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:38.728523970 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:38.952971935 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:38.957982063 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:38.958008051 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:38.958050966 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.292819023 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.293418884 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.296226025 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.296287060 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.351438999 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.408046961 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.408477068 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.466263056 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.561686993 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.563879013 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.564028978 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.568708897 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.575704098 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.575772047 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.576308012 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.576318979 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.576363087 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.585043907 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.585057974 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.585099936 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.590003967 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.590018034 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.590069056 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.595933914 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.595947981 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.595958948 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.596004009 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.600636959 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.600649118 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.600698948 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.605329037 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.654634953 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.654817104 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.655747890 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.658276081 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.658330917 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.660814047 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.660826921 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.660886049 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.663364887 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.665029049 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.665102005 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.667011976 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.667040110 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.667144060 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.671096087 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.671107054 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.671149015 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.675162077 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.675173998 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.675215006 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.675725937 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.679208994 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.679223061 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.679281950 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.682760954 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.682774067 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.682784081 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.682826042 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.685635090 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.685647964 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.685682058 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.688517094 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.688529968 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.688571930 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.690679073 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.690690994 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.690814972 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.693483114 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.694961071 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.694973946 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.695022106 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.697781086 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.697793961 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.697802067 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.697845936 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.700670004 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.700683117 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.700692892 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.700783014 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.747473955 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.747526884 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.748097897 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.749444962 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.749502897 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.750874043 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.750886917 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.750931978 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.752187967 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.753570080 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.753582954 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.753621101 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.754004955 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.756417036 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.757405996 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.757417917 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.757481098 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.759596109 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.759612083 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.759624958 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.759658098 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.761754990 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.761768103 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.761905909 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.763933897 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.763947010 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.763986111 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.766118050 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.766129971 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.766168118 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.768320084 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.768332005 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.768392086 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.770493984 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.770505905 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.770517111 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.770545006 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.772367001 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.772378922 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.772432089 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.774113894 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.774127960 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.774171114 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.775887966 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.775901079 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.775952101 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.777621031 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.777633905 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.777647018 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.777693033 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.779402971 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.779416084 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.779457092 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.779757023 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.781158924 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.781171083 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.781218052 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.782877922 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.782890081 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.782938004 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.784568071 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.784579992 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.784625053 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.786072969 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.786086082 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.786096096 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.786135912 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.787611008 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.787623882 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.787686110 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.789048910 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.789061069 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.789115906 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.790501118 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.790513039 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.790560961 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.791904926 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.791915894 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.791925907 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.791971922 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.830583096 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.841542006 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.841552973 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.841694117 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.843012094 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.843024015 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.843082905 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.843641043 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.844661951 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.844675064 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.844683886 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.844719887 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.845954895 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.845967054 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.846020937 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.847440004 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.847453117 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.847461939 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.847511053 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.848995924 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.849009037 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.849065065 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.850532055 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.850543976 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.850606918 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.851727962 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.851738930 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.851799011 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.852950096 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.852962971 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.853015900 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.854177952 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.854190111 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.854198933 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.854255915 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.855386972 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.855400085 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.855514050 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.856652021 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.856666088 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.856720924 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.857898951 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.857912064 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.857970953 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.858973026 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.858985901 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.858997107 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.859045029 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.860096931 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.860109091 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.860158920 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.861229897 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.861243010 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.861299038 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.862401009 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.862413883 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.862467051 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.863452911 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.863466024 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.863518000 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.864546061 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.864557981 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.864568949 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.864607096 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.865572929 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.865585089 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.865633011 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.866580963 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.866592884 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.866636038 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.867548943 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.867562056 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.867602110 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.868525028 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.868536949 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.868547916 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.868582964 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.869465113 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.869477034 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.869515896 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.870441914 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.870455027 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.870496035 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.871335983 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.871346951 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.871387005 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.872270107 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.872283936 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.872320890 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.873208046 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.873220921 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.873230934 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.873270035 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.874010086 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.874023914 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.874070883 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.874979019 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.874991894 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.875036001 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.875761032 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.875773907 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.875827074 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.876606941 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.876620054 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.876631021 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.876658916 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.877420902 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.877433062 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.877475023 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.878252029 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.878264904 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.878310919 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.879021883 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.879034996 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.879079103 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.879821062 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.879836082 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.879885912 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.880583048 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.880597115 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.880608082 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.880698919 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.881306887 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.882060051 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.882072926 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.882133961 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.882812977 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.882828951 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.882833004 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.882905006 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.883547068 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.883558989 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.883604050 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.884249926 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.884263039 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.884274006 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.884310961 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.936342955 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.936446905 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.936510086 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.936850071 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.936863899 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.936916113 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.937597036 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.938020945 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.938046932 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.938080072 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.938824892 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.938838959 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.938888073 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.939532042 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.939543962 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.939599037 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.939950943 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.939964056 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.940012932 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.940716028 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.940727949 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.940773964 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.941495895 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.941509008 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.941551924 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.942249060 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.942260981 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.942305088 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.943043947 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.943056107 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.943067074 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.943099976 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.943677902 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.943689108 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.943698883 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.943737030 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.944605112 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.944621086 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.944632053 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.944678068 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.945538998 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.945550919 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.945559978 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.945570946 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.945604086 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.945604086 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.946438074 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.946448088 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.946458101 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.946496964 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.947384119 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.947396994 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.947419882 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.947449923 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.948297024 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.948309898 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.948318958 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.948329926 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.948352098 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.948385000 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.949229002 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.949239969 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.949249983 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.949284077 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.950211048 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.950222969 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.950232983 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.950268030 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.951040983 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.951066971 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.951076984 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.951086998 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.951096058 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.951129913 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.951828957 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.951839924 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.951885939 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.952675104 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.953458071 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.953471899 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.953483105 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.953517914 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.954283953 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.954298019 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.954308987 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.954339981 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.955028057 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.955040932 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.955053091 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.955066919 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.955085993 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.955185890 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.955826044 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.955838919 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.955848932 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.955884933 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.956605911 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.956619024 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.956630945 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.956645012 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.956656933 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.956667900 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.956697941 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.957525969 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.957571030 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.957581997 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.957583904 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.957597971 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.957629919 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.958475113 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.958539009 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.958590984 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.958604097 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.958616018 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.958648920 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.959446907 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.959460020 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.959470987 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.959484100 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.959495068 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.959506989 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.959537029 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.960401058 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.960418940 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.960434914 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.960448980 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.960474968 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.960508108 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.961328030 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.961339951 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.961350918 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.961366892 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.961379051 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.961386919 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.961410999 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.962229013 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.962243080 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.962300062 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.962941885 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.963064909 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.963119984 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.963285923 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.963296890 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:39.963340998 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:39.968163013 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.007071972 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.007144928 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:40.027723074 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.027839899 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.027892113 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:40.027993917 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.028007030 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.028052092 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:40.028259993 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.028271914 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.028281927 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.028321981 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:40.028779984 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.028793097 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.028834105 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:40.028949976 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.029206038 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.029217958 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.029226065 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.029262066 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:40.030839920 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.030850887 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.030859947 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.030869961 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.030885935 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.030894995 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:40.030896902 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.030909061 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.030921936 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.030922890 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:40.030952930 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:40.030982971 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:40.031013012 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:40.031176090 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.031188011 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.031197071 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.031208038 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.031218052 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.031234026 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:40.031260967 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:40.032461882 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.032473087 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.032516956 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:40.048578978 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:40.103441954 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.195383072 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.253232002 CEST4917180192.168.2.2213.225.10.37
                                                                                                  May 22, 2024 16:44:40.258212090 CEST804917113.225.10.37192.168.2.22
                                                                                                  May 22, 2024 16:44:40.258308887 CEST4917180192.168.2.2213.225.10.37
                                                                                                  May 22, 2024 16:44:40.258534908 CEST4917180192.168.2.2213.225.10.37
                                                                                                  May 22, 2024 16:44:40.316268921 CEST804917113.225.10.37192.168.2.22
                                                                                                  May 22, 2024 16:44:40.396176100 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:40.623238087 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:44:40.624191999 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:41.302110910 CEST4917180192.168.2.2213.225.10.37
                                                                                                  May 22, 2024 16:44:41.308631897 CEST804917113.225.10.37192.168.2.22
                                                                                                  May 22, 2024 16:44:41.308707952 CEST4917180192.168.2.2213.225.10.37
                                                                                                  May 22, 2024 16:44:50.192917109 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:44:50.197932959 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:45:00.208105087 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:45:00.216603994 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:45:10.223475933 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:45:10.232649088 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:45:20.254112005 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:45:20.259104013 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:45:30.269311905 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:45:30.274446011 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:45:40.284635067 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:45:40.289772034 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:45:50.299796104 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:45:50.306904078 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:46:00.314943075 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:46:00.322916031 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:46:10.346129894 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:46:10.355202913 CEST804916989.187.179.132192.168.2.22
                                                                                                  May 22, 2024 16:46:20.360968113 CEST4916980192.168.2.2289.187.179.132
                                                                                                  May 22, 2024 16:46:20.366144896 CEST804916989.187.179.132192.168.2.22

                                                                                                  UDP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                  May 22, 2024 16:44:24.257469893 CEST5482153192.168.2.228.8.8.8
                                                                                                  May 22, 2024 16:44:24.269330978 CEST53548218.8.8.8192.168.2.22
                                                                                                  May 22, 2024 16:44:24.550648928 CEST5471953192.168.2.228.8.8.8
                                                                                                  May 22, 2024 16:44:24.603643894 CEST53547198.8.8.8192.168.2.22
                                                                                                  May 22, 2024 16:44:24.828236103 CEST4988153192.168.2.228.8.8.8
                                                                                                  May 22, 2024 16:44:24.865961075 CEST53498818.8.8.8192.168.2.22
                                                                                                  May 22, 2024 16:44:30.013319016 CEST5499853192.168.2.228.8.8.8
                                                                                                  May 22, 2024 16:44:30.030827999 CEST53549988.8.8.8192.168.2.22
                                                                                                  May 22, 2024 16:44:30.929048061 CEST5278153192.168.2.228.8.8.8
                                                                                                  May 22, 2024 16:44:30.968059063 CEST53527818.8.8.8192.168.2.22
                                                                                                  May 22, 2024 16:44:35.592751026 CEST6392653192.168.2.228.8.8.8
                                                                                                  May 22, 2024 16:44:35.873363972 CEST53639268.8.8.8192.168.2.22
                                                                                                  May 22, 2024 16:44:36.398772955 CEST6551053192.168.2.228.8.8.8
                                                                                                  May 22, 2024 16:44:36.423367023 CEST53655108.8.8.8192.168.2.22
                                                                                                  May 22, 2024 16:44:40.241008043 CEST4938453192.168.2.228.8.8.8
                                                                                                  May 22, 2024 16:44:40.251908064 CEST53493848.8.8.8192.168.2.22

                                                                                                  DNS Queries

                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                  May 22, 2024 16:44:24.257469893 CEST192.168.2.228.8.8.80x1adfStandard query (0)boot.net.anydesk.comA (IP address)IN (0x0001)false
                                                                                                  May 22, 2024 16:44:24.550648928 CEST192.168.2.228.8.8.80x9351Standard query (0)boot.net.anydesk.comA (IP address)IN (0x0001)false
                                                                                                  May 22, 2024 16:44:24.828236103 CEST192.168.2.228.8.8.80x4e27Standard query (0)boot.net.anydesk.comA (IP address)IN (0x0001)false
                                                                                                  May 22, 2024 16:44:30.013319016 CEST192.168.2.228.8.8.80xd968Standard query (0)boot.net.anydesk.comA (IP address)IN (0x0001)false
                                                                                                  May 22, 2024 16:44:30.929048061 CEST192.168.2.228.8.8.80xeb51Standard query (0)boot.net.anydesk.comA (IP address)IN (0x0001)false
                                                                                                  May 22, 2024 16:44:35.592751026 CEST192.168.2.228.8.8.80x44d4Standard query (0)relay-0b975d23.net.anydesk.comA (IP address)IN (0x0001)false
                                                                                                  May 22, 2024 16:44:36.398772955 CEST192.168.2.228.8.8.80x3093Standard query (0)relay-0b975d23.net.anydesk.comA (IP address)IN (0x0001)false
                                                                                                  May 22, 2024 16:44:40.241008043 CEST192.168.2.228.8.8.80x5669Standard query (0)api.playanext.comA (IP address)IN (0x0001)false

                                                                                                  DNS Answers

                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                  May 22, 2024 16:44:24.269330978 CEST8.8.8.8192.168.2.220x1adfNo error (0)boot.net.anydesk.com195.181.174.167A (IP address)IN (0x0001)false
                                                                                                  May 22, 2024 16:44:24.603643894 CEST8.8.8.8192.168.2.220x9351No error (0)boot.net.anydesk.com141.95.145.210A (IP address)IN (0x0001)false
                                                                                                  May 22, 2024 16:44:24.865961075 CEST8.8.8.8192.168.2.220x4e27No error (0)boot.net.anydesk.com195.181.174.167A (IP address)IN (0x0001)false
                                                                                                  May 22, 2024 16:44:30.030827999 CEST8.8.8.8192.168.2.220xd968No error (0)boot.net.anydesk.com57.129.19.1A (IP address)IN (0x0001)false
                                                                                                  May 22, 2024 16:44:30.968059063 CEST8.8.8.8192.168.2.220xeb51No error (0)boot.net.anydesk.com57.128.101.74A (IP address)IN (0x0001)false
                                                                                                  May 22, 2024 16:44:35.873363972 CEST8.8.8.8192.168.2.220x44d4No error (0)relay-0b975d23.net.anydesk.com89.187.179.132A (IP address)IN (0x0001)false
                                                                                                  May 22, 2024 16:44:36.423367023 CEST8.8.8.8192.168.2.220x3093No error (0)relay-0b975d23.net.anydesk.com89.187.179.132A (IP address)IN (0x0001)false
                                                                                                  May 22, 2024 16:44:40.251908064 CEST8.8.8.8192.168.2.220x5669No error (0)api.playanext.comd1atxff5avezsq.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                                                  May 22, 2024 16:44:40.251908064 CEST8.8.8.8192.168.2.220x5669No error (0)d1atxff5avezsq.cloudfront.net13.225.10.64A (IP address)IN (0x0001)false
                                                                                                  May 22, 2024 16:44:40.251908064 CEST8.8.8.8192.168.2.220x5669No error (0)d1atxff5avezsq.cloudfront.net13.225.10.88A (IP address)IN (0x0001)false
                                                                                                  May 22, 2024 16:44:40.251908064 CEST8.8.8.8192.168.2.220x5669No error (0)d1atxff5avezsq.cloudfront.net13.225.10.84A (IP address)IN (0x0001)false
                                                                                                  May 22, 2024 16:44:40.251908064 CEST8.8.8.8192.168.2.220x5669No error (0)d1atxff5avezsq.cloudfront.net13.225.10.37A (IP address)IN (0x0001)false

                                                                                                  HTTP Request Dependency Graph

                                                                                                  • api.playanext.comuser-agent: anydesk

                                                                                                  HTTP Packets

                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  0192.168.2.224916757.128.101.74802704C:\Users\user\Desktop\f_0002b5.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  May 22, 2024 16:44:31.063158989 CEST274OUTData Raw: 16 03 01 01 0d 01 00 01 09 03 03 cc 09 1e 38 66 a7 7a 0b a4 ae f6 81 ff 33 71 58 6d e2 a7 d8 fa d4 4c fd cf 2b 26 c5 3a 59 46 3e 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36
                                                                                                  Data Ascii: 8fz3qXmL+&:YF>n0,($kjih98762.*&=5/+'#g@?>32101-)%</r#
                                                                                                  May 22, 2024 16:44:34.710155010 CEST1235INData Raw: 16 03 03 00 57 02 00 00 53 03 03 7b 6a 74 41 33 c5 27 86 37 87 87 a5 e0 a3 e3 32 77 89 e6 b1 ec 3f 9b ce 44 4f 57 4e 47 52 44 01 20 96 2f 22 97 f2 5b b7 16 c7 62 d8 85 40 d6 8f f3 1c 8f 3a 4e 55 7b 6b 06 9d 8d c0 4a c2 ca c2 03 c0 2c 00 00 0b ff
                                                                                                  Data Ascii: WS{jtA3'72w?DOWNGRD /"[b@:NU{kJ,OKHE0A0)yA0*H0J10UAnyNet Root CA 21 0Uphilandro Software GmbH10UDE0190227210728Z2902242
                                                                                                  May 22, 2024 16:44:34.852494001 CEST1094OUTData Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 34 30 35 32 32 31 34 34 34
                                                                                                  Data Ascii: 000*H010UAnyDesk Client0 240522144423Z20740510144423Z010UAnyDesk Client0"0*H0%k'[sSLIWpCFD7T|%#zdbf\Sl)&v.m5g[nT
                                                                                                  May 22, 2024 16:44:35.070635080 CEST91INData Raw: 14 03 03 00 01 01 16 03 03 00 28 1c 3a aa 8d a5 a9 72 af 36 97 7e 31 7e 33 a5 93 17 bb 50 9b e2 14 56 c0 60 2b b6 66 f2 1d 0a 6b 66 6f 2c a4 c5 6c 95 7c 17 03 03 00 23 1c 3a aa 8d a5 a9 72 b0 e5 80 18 e6 1f b9 be fc 44 4c 79 fb f9 14 00 25 3d d3
                                                                                                  Data Ascii: (:r6~1~3PV`+fkfo,l|#:rDLy%=Qrw
                                                                                                  May 22, 2024 16:44:35.126414061 CEST87OUTData Raw: 17 03 03 00 52 bc de 40 5f a3 d9 2f 51 96 c7 fa fc 13 76 8d d3 9a d3 fd 17 14 19 93 b8 40 aa de f9 14 30 d0 2d 5b 41 99 a5 e7 2e a2 44 a6 60 37 44 ec f3 82 91 8f 07 7e 85 3a 48 96 28 f9 0e d3 b8 d8 06 57 87 5e a7 fc ad 44 87 1b 87 ee f8 03 d2 db
                                                                                                  Data Ascii: R@_/Qv@0-[A.D`7D~:H(W^D^
                                                                                                  May 22, 2024 16:44:35.447813988 CEST427INData Raw: 17 03 03 01 a6 1c 3a aa 8d a5 a9 72 b1 73 45 dc 27 2c 1f 82 98 6e 3c ad 89 a7 c2 f1 1a 43 34 82 6e 3a 8e 40 e7 41 d7 8b 5e 93 8a 61 af 27 e5 04 e8 7b 68 67 2f b4 49 ec 93 d6 d2 2f e5 e9 8d 01 85 d1 67 00 04 8d a7 89 18 be 5b a9 a7 d9 62 27 78 34
                                                                                                  Data Ascii: :rsE',n<C4n:@A^a'{hg/I/g[b'x4o a{'(oIgwZ3~\|D:QV^U'4"5U\{y,MNsSjV&i:-FO^'Fic!z&[,.iUcd5zB6u2r4%kHFA/


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  1192.168.2.224916989.187.179.132802704C:\Users\user\Desktop\f_0002b5.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  May 22, 2024 16:44:36.485030890 CEST274OUTData Raw: 16 03 01 01 0d 01 00 01 09 03 03 ca a4 e4 1f 66 f8 b8 c1 ce 4e af 8c 52 40 05 34 3b b7 40 2b 64 68 8b 12 9d 32 42 5b 64 6e a2 d2 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36
                                                                                                  Data Ascii: fNR@4;@+dh2B[dnn0,($kjih98762.*&=5/+'#g@?>32101-)%</r#
                                                                                                  May 22, 2024 16:44:36.960701942 CEST1234INData Raw: 16 03 03 00 57 02 00 00 53 03 03 7a 9a dd 18 15 e1 71 7e b6 ff f8 5d 9f 67 d5 4e 3f 30 4c 92 67 cb 17 0e 44 4f 57 4e 47 52 44 01 20 8d 1a 1a a9 5e d9 4f 04 b9 85 97 1c 67 f4 35 dd 8e 9e 2a 9f 09 7c 2a 98 c2 63 de 2b c0 25 3a 16 c0 2c 00 00 0b ff
                                                                                                  Data Ascii: WSzq~]gN?0LgDOWNGRD ^Og5*|*c+%:,OKHE0A0)yA0*H0J10UAnyNet Root CA 21 0Uphilandro Software GmbH10UDE0190227210728Z2902242
                                                                                                  May 22, 2024 16:44:36.970505953 CEST1094OUTData Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 34 30 35 32 32 31 34 34 34
                                                                                                  Data Ascii: 000*H010UAnyDesk Client0 240522144423Z20740510144423Z010UAnyDesk Client0"0*H0%k'[sSLIWpCFD7T|%#zdbf\Sl)&v.m5g[nT
                                                                                                  May 22, 2024 16:44:37.117228031 CEST51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 2f 9d 99 0d e6 05 22 34 13 1e 20 fd 07 36 71 54 88 51 06 d7 1c b0 7f 6b 4a 45 ad ec 99 7e 7b ad ca 9d d0 e3 1b 55 ed 7b
                                                                                                  Data Ascii: (/"4 6qTQkJE~{U{
                                                                                                  May 22, 2024 16:44:37.214653969 CEST40INData Raw: 17 03 03 00 23 2f 9d 99 0d e6 05 22 35 e9 3b cb f5 1e f0 a5 42 10 54 07 91 08 a6 30 ea 5c 41 1f 3d 40 57 7f 33 75 d5 67
                                                                                                  Data Ascii: #/"5;BT0\A=@W3ug
                                                                                                  May 22, 2024 16:44:37.215024948 CEST87OUTData Raw: 17 03 03 00 52 97 68 d5 cd b6 f6 34 63 e8 85 ae 8a dc 96 a8 60 71 37 92 2d e2 68 c8 13 ae f8 a1 f4 ed 13 1a 33 76 58 78 5c 87 36 cd b2 b3 4f 1f dd cb 35 9e 36 a3 8c 5e 05 75 4e 5c 3e 04 0f 64 33 6a 1b 5e b3 ea de d2 00 14 6e af 75 89 a2 89 59 54
                                                                                                  Data Ascii: Rh4c`q7-h3vXx\6O56^uN\>d3j^nuYT&i
                                                                                                  May 22, 2024 16:44:37.527065992 CEST146INData Raw: 17 03 03 00 8d 2f 9d 99 0d e6 05 22 36 a8 a9 14 b6 91 a1 2d ad 84 9c 48 a6 80 d2 e1 cd cf 6a e0 b6 9b 4f 2b 72 df 3e ba 91 43 4a ea 03 7c 46 2b c4 ba 70 25 5b ef 70 2a 56 ff 8d 00 63 25 9e 57 25 b6 94 46 57 4b e7 61 9f 55 f3 21 6e 3e ae 1b a8 af
                                                                                                  Data Ascii: /"6-HjO+r>CJ|F+p%[p*Vc%W%FWKaU!n>l45FR.NlqMliFd3f{Eydm;~=SIU
                                                                                                  May 22, 2024 16:44:37.607359886 CEST564OUTData Raw: 17 03 03 02 2f 97 68 d5 cd b6 f6 34 64 bf f8 9a 8e 99 86 47 1f 7c cf 27 2e 45 eb 7e 11 fc 4e 16 22 4e 16 24 4e f9 e6 cd 87 14 c8 ef df 42 d5 8d 19 a4 aa 58 93 c2 aa 86 c9 75 a6 88 a4 2c 95 ae 6d de 32 df b4 cb 8f d0 ff bd 57 0b 81 e9 67 8e 34 2f
                                                                                                  Data Ascii: /h4dG|'.E~N"N$NBXu,m2Wg4/K1q[9?![xQ28hF1J@#621a:g"9kI9vLFfFc~kbh!9p6|rV&Jq/t.|b/T8PFFL6;45fyU
                                                                                                  May 22, 2024 16:44:37.607359886 CEST61OUTData Raw: 17 03 03 00 38 97 68 d5 cd b6 f6 34 65 9f 34 74 ed 33 be 4f 95 ab 11 f1 da d8 d2 7b 5e ae dc 4f c0 5e 99 a5 1a 82 78 e9 15 91 d9 ad 80 64 1d 51 42 3a 8e 8c 00 0d ab 58 58 57 37 93 67
                                                                                                  Data Ascii: 8h4e4t3O{^O^xdQB:XXW7g
                                                                                                  May 22, 2024 16:44:37.607601881 CEST539OUTData Raw: 17 03 03 02 16 97 68 d5 cd b6 f6 34 66 67 4d d1 b2 84 a8 d1 d8 3d d3 cf 17 79 49 fb 8c ed 94 c7 bf c9 97 d6 72 4a 4a 0d bd b0 d7 5d 5a 30 f6 72 76 b4 32 ca 82 4a 62 11 aa e6 5d 24 f8 05 53 c9 34 e8 4a 7b 32 4b b7 0b 16 94 a5 7a bb 15 b8 ac c4 84
                                                                                                  Data Ascii: h4fgM=yIrJJ]Z0rv2Jb]$S4J{2KznpV[_k4P8W-~xC<svyM'Qbg]@raz#x[trAUGSor/%-xPM"?aZqRD7{Sx+ul!7k(~"


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  2192.168.2.224917113.225.10.37802704C:\Users\user\Desktop\f_0002b5.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  May 22, 2024 16:44:40.258534908 CEST509OUTPOST /httpapi HTTP/1.1Host: api.playanext.comUser-Agent: AnyDesk/8.0.10Accept: */*Content-Length: 354Content-Type: application/x-www-form-urlencodedapi_key=c1426bd258099fa69f62933b466d4b77&event=[{"event_type":"check_offer","user_id":"d1e6315c5d1cd55be3a98d991cc225d4","session_id":1716389259216828,"ip":"$remote","event_properties":{"method_used":"Google Chrome Criteria Checker","offer_product":"Google Chrome","distributor":"AnyDesk","distributor_product":"AnyDesk","user_country":"United States"}}
                                                                                                  Data Raw:
                                                                                                  Data Ascii:


                                                                                                  Statistics

                                                                                                  CPU Usage

                                                                                                  Click to jump to process

                                                                                                  Memory Usage

                                                                                                  Click to jump to process

                                                                                                  High Level Behavior Distribution

                                                                                                  Click to dive into process behavior distribution

                                                                                                  Behavior

                                                                                                  Click to jump to process

                                                                                                  System Behavior

                                                                                                  General

                                                                                                  Target ID:0
                                                                                                  Start time:10:44:19
                                                                                                  Start date:22/05/2024
                                                                                                  Path:C:\Users\user\Desktop\f_0002b5.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\Desktop\f_0002b5.exe"
                                                                                                  Imagebase:0x1320000
                                                                                                  File size:5'328'200 bytes
                                                                                                  MD5 hash:AEE6801792D67607F228BE8CEC8291F9
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low
                                                                                                  Has exited:false

                                                                                                  General

                                                                                                  Target ID:2
                                                                                                  Start time:10:44:20
                                                                                                  Start date:22/05/2024
                                                                                                  Path:C:\Users\user\Desktop\f_0002b5.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\Desktop\f_0002b5.exe" --local-service
                                                                                                  Imagebase:0x1320000
                                                                                                  File size:5'328'200 bytes
                                                                                                  MD5 hash:AEE6801792D67607F228BE8CEC8291F9
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low
                                                                                                  Has exited:false

                                                                                                  General

                                                                                                  Target ID:3
                                                                                                  Start time:10:44:20
                                                                                                  Start date:22/05/2024
                                                                                                  Path:C:\Users\user\Desktop\f_0002b5.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\Desktop\f_0002b5.exe" --local-control
                                                                                                  Imagebase:0x1320000
                                                                                                  File size:5'328'200 bytes
                                                                                                  MD5 hash:AEE6801792D67607F228BE8CEC8291F9
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low
                                                                                                  Has exited:false

                                                                                                  Disassembly

                                                                                                  Reset < >

                                                                                                    Execution Graph

                                                                                                    Execution Coverage:1.4%
                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                    Signature Coverage:2.6%
                                                                                                    Total number of Nodes:462
                                                                                                    Total number of Limit Nodes:19
                                                                                                    execution_graph 34042 6c666566 34043 6c666572 34042->34043 34045 6c6665ae 34043->34045 34046 6c67fc5e 4 API calls 2 library calls 34043->34046 34046->34045 34047 6c68f42c 34068 6c68ed01 5 API calls _abort 34047->34068 34049 6c68f431 34069 6c68ed1b 5 API calls _abort 34049->34069 34051 6c68f436 34070 6c68ed35 5 API calls _abort 34051->34070 34053 6c68f43b 34071 6c68ed4f 34053->34071 34057 6c68f445 34075 6c68ed83 5 API calls _abort 34057->34075 34059 6c68f44a 34076 6c68ed9d 5 API calls _abort 34059->34076 34061 6c68f44f 34077 6c68edb7 5 API calls _abort 34061->34077 34063 6c68f454 34078 6c68edeb 34063->34078 34067 6c68f45e 34067->34067 34068->34049 34069->34051 34070->34053 34084 6c68ee1f 34071->34084 34074 6c68ed69 5 API calls _abort 34074->34057 34075->34059 34076->34061 34077->34063 34079 6c68ee1f _abort 5 API calls 34078->34079 34080 6c68ee01 34079->34080 34081 6c68edd1 34080->34081 34082 6c68ee1f _abort 5 API calls 34081->34082 34083 6c68ede7 34082->34083 34083->34067 34085 6c68ee4b 34084->34085 34086 6c68ed65 34084->34086 34085->34086 34090 6c68ee6f 34085->34090 34091 6c68eebb 34085->34091 34086->34074 34088 6c68ee7b GetProcAddress 34089 6c68ee8b __crt_fast_encode_pointer 34088->34089 34089->34086 34090->34086 34090->34088 34092 6c68eedc LoadLibraryExW 34091->34092 34093 6c68eed1 34091->34093 34094 6c68eef9 GetLastError 34092->34094 34095 6c68ef11 34092->34095 34093->34085 34094->34095 34096 6c68ef04 LoadLibraryExW 34094->34096 34095->34093 34097 6c68ef28 FreeLibrary 34095->34097 34096->34095 34097->34093 34098 6c6974ac 34099 6c6974b5 34098->34099 34103 6c6974eb 34098->34103 34104 6c68fc34 34099->34104 34105 6c68fc4b 34104->34105 34106 6c68fc3f 34104->34106 34142 6c68b8f3 20 API calls 3 library calls 34105->34142 34141 6c68f0af 11 API calls 2 library calls 34106->34141 34109 6c68fc45 34109->34105 34111 6c68fc94 34109->34111 34110 6c68fc57 34112 6c68fc5f 34110->34112 34144 6c68f105 11 API calls 2 library calls 34110->34144 34123 6c69730c 34111->34123 34143 6c68cba5 20 API calls _free 34112->34143 34115 6c68fc74 34115->34112 34117 6c68fc7b 34115->34117 34116 6c68fc65 34116->34111 34147 6c685db7 36 API calls 2 library calls 34116->34147 34145 6c68f9f6 20 API calls __dosmaperr 34117->34145 34119 6c68fc86 34146 6c68cba5 20 API calls _free 34119->34146 34122 6c68fc9d 34148 6c697419 34123->34148 34125 6c697321 34155 6c6970a0 34125->34155 34128 6c69733a 34128->34103 34131 6c69737d 34182 6c68cba5 20 API calls _free 34131->34182 34135 6c697378 34181 6c68abdd 20 API calls __dosmaperr 34135->34181 34137 6c6973c1 34137->34131 34184 6c696fb7 20 API calls 34137->34184 34138 6c697395 34138->34137 34183 6c68cba5 20 API calls _free 34138->34183 34141->34109 34142->34110 34143->34116 34144->34115 34145->34119 34146->34116 34147->34122 34150 6c697425 ___DestructExceptionObject 34148->34150 34151 6c6974a4 ___DestructExceptionObject 34150->34151 34185 6c685db7 36 API calls 2 library calls 34150->34185 34186 6c68b688 EnterCriticalSection 34150->34186 34187 6c68cba5 20 API calls _free 34150->34187 34188 6c69749b LeaveCriticalSection std::_Lockit::~_Lockit 34150->34188 34151->34125 34189 6c687326 34155->34189 34158 6c6970c1 GetOEMCP 34160 6c6970ea 34158->34160 34159 6c6970d3 34159->34160 34161 6c6970d8 GetACP 34159->34161 34160->34128 34162 6c68c844 34160->34162 34161->34160 34163 6c68c882 34162->34163 34164 6c68c852 34162->34164 34201 6c68abdd 20 API calls __dosmaperr 34163->34201 34165 6c68c86d HeapAlloc 34164->34165 34166 6c68c856 _abort 34164->34166 34165->34166 34169 6c68c880 34165->34169 34166->34163 34166->34165 34200 6c68b48e 7 API calls 2 library calls 34166->34200 34168 6c68c887 34168->34131 34171 6c69750d 34168->34171 34169->34168 34172 6c6970a0 38 API calls 34171->34172 34173 6c69752c 34172->34173 34176 6c69757d IsValidCodePage 34173->34176 34178 6c697533 34173->34178 34180 6c6975a2 ___scrt_fastfail 34173->34180 34175 6c697370 34175->34135 34175->34138 34177 6c69758f GetCPInfo 34176->34177 34176->34178 34177->34178 34177->34180 34212 6c680c5d 34178->34212 34202 6c697178 GetCPInfo 34180->34202 34181->34131 34182->34128 34183->34137 34184->34131 34185->34150 34186->34150 34187->34150 34188->34150 34190 6c687339 34189->34190 34191 6c687343 34189->34191 34190->34158 34190->34159 34191->34190 34197 6c68fbb0 36 API calls 3 library calls 34191->34197 34193 6c687364 34198 6c690c53 36 API calls __Getctype 34193->34198 34195 6c68737d 34199 6c690c80 36 API calls __cftoe 34195->34199 34197->34193 34198->34195 34199->34190 34200->34166 34201->34168 34208 6c6971b2 34202->34208 34211 6c69725c 34202->34211 34205 6c680c5d TranslatorGuardHandler 5 API calls 34207 6c697308 34205->34207 34207->34178 34219 6c694be8 34208->34219 34210 6c694f22 41 API calls 34210->34211 34211->34205 34213 6c680c68 IsProcessorFeaturePresent 34212->34213 34214 6c680c66 34212->34214 34216 6c680fff 34213->34216 34214->34175 34278 6c680fc3 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 34216->34278 34218 6c6810e2 34218->34175 34220 6c687326 __cftoe 36 API calls 34219->34220 34221 6c694c08 MultiByteToWideChar 34220->34221 34223 6c694c46 34221->34223 34231 6c694cde 34221->34231 34226 6c68c844 __fread_nolock 21 API calls 34223->34226 34229 6c694c67 __DllMainCRTStartup@12 ___scrt_fastfail 34223->34229 34224 6c680c5d TranslatorGuardHandler 5 API calls 34227 6c694d01 34224->34227 34225 6c694cd8 34238 6c680399 20 API calls _free 34225->34238 34226->34229 34233 6c694f22 34227->34233 34229->34225 34230 6c694cac MultiByteToWideChar 34229->34230 34230->34225 34232 6c694cc8 GetStringTypeW 34230->34232 34231->34224 34232->34225 34234 6c687326 __cftoe 36 API calls 34233->34234 34235 6c694f35 34234->34235 34239 6c694d05 34235->34239 34238->34231 34240 6c694d20 34239->34240 34241 6c694d46 MultiByteToWideChar 34240->34241 34242 6c694efa 34241->34242 34243 6c694d70 34241->34243 34244 6c680c5d TranslatorGuardHandler 5 API calls 34242->34244 34246 6c68c844 __fread_nolock 21 API calls 34243->34246 34249 6c694d91 __DllMainCRTStartup@12 34243->34249 34245 6c694f0d 34244->34245 34245->34210 34246->34249 34247 6c694dda MultiByteToWideChar 34248 6c694e46 34247->34248 34250 6c694df3 34247->34250 34275 6c680399 20 API calls _free 34248->34275 34249->34247 34249->34248 34266 6c68f364 34250->34266 34254 6c694e1d 34254->34248 34257 6c68f364 11 API calls 34254->34257 34255 6c694e55 34258 6c68c844 __fread_nolock 21 API calls 34255->34258 34261 6c694e76 __DllMainCRTStartup@12 34255->34261 34256 6c694eeb 34274 6c680399 20 API calls _free 34256->34274 34257->34248 34258->34261 34259 6c68f364 11 API calls 34262 6c694eca 34259->34262 34261->34256 34261->34259 34262->34256 34263 6c694ed9 WideCharToMultiByte 34262->34263 34263->34256 34264 6c694f19 34263->34264 34276 6c680399 20 API calls _free 34264->34276 34267 6c68edeb 5 API calls 34266->34267 34268 6c68f37a 34267->34268 34271 6c68f380 34268->34271 34277 6c68f3d8 10 API calls TranslatorGuardHandler 34268->34277 34270 6c68f3c0 LCMapStringW 34270->34271 34272 6c680c5d TranslatorGuardHandler 5 API calls 34271->34272 34273 6c68f3d2 34272->34273 34273->34248 34273->34254 34273->34255 34274->34248 34275->34242 34276->34248 34277->34270 34278->34218 34279 6c68fd23 34287 6c68f003 34279->34287 34282 6c68fd37 34284 6c68fd3f 34285 6c68fd4c 34284->34285 34295 6c68fd4f 11 API calls 34284->34295 34288 6c68ee1f _abort 5 API calls 34287->34288 34289 6c68f02a 34288->34289 34290 6c68f042 TlsAlloc 34289->34290 34291 6c68f033 34289->34291 34290->34291 34292 6c680c5d TranslatorGuardHandler 5 API calls 34291->34292 34293 6c68f053 34292->34293 34293->34282 34294 6c68fc9e 20 API calls 3 library calls 34293->34294 34294->34284 34295->34282 34296 6c66158d 34299 6c67f98b 34296->34299 34300 6c67f997 34299->34300 34305 6c67f7de 4 API calls 2 library calls 34300->34305 34302 6c67f9af 34306 6c67f7de 4 API calls 2 library calls 34302->34306 34304 6c661594 34305->34302 34306->34304 34307 6c680965 34308 6c680971 ___DestructExceptionObject 34307->34308 34327 6c680dd1 34308->34327 34310 6c680978 34311 6c68097d ___DestructExceptionObject 34310->34311 34312 6c6809a5 34310->34312 34357 6c6814b2 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 34310->34357 34338 6c680d34 34312->34338 34315 6c6809b4 __RTC_Initialize 34315->34311 34341 6c680fae 34315->34341 34319 6c6809cc 34320 6c680fae 23 API calls 34319->34320 34321 6c6809d8 ___scrt_initialize_default_local_stdio_options 34320->34321 34345 6c68d16f 34321->34345 34325 6c6809f9 34325->34311 34353 6c68d113 34325->34353 34328 6c680dda 34327->34328 34358 6c68168b IsProcessorFeaturePresent 34328->34358 34330 6c680de6 34359 6c68545a 34330->34359 34332 6c680deb 34337 6c680def 34332->34337 34371 6c68de13 34332->34371 34335 6c680e06 34335->34310 34337->34310 34422 6c680e0a 34338->34422 34340 6c680d3b 34340->34315 34428 6c680f73 34341->34428 34344 6c681471 InitializeSListHead 34344->34319 34346 6c68d186 34345->34346 34347 6c680c5d TranslatorGuardHandler 5 API calls 34346->34347 34348 6c6809ee 34347->34348 34348->34311 34349 6c680d09 34348->34349 34350 6c680d0e ___scrt_release_startup_lock 34349->34350 34352 6c680d17 34350->34352 34436 6c68168b IsProcessorFeaturePresent 34350->34436 34352->34325 34354 6c68d142 34353->34354 34355 6c680c5d TranslatorGuardHandler 5 API calls 34354->34355 34356 6c68d16b 34355->34356 34356->34311 34357->34312 34358->34330 34360 6c68545f ___vcrt_initialize_pure_virtual_call_handler 34359->34360 34375 6c685c0e 34360->34375 34363 6c68546d 34363->34332 34365 6c685475 34366 6c685479 34365->34366 34367 6c685480 34365->34367 34389 6c685c4a DeleteCriticalSection 34366->34389 34390 6c685296 GetProcAddress LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary 34367->34390 34370 6c685485 34370->34332 34418 6c697b94 34371->34418 34374 6c68549e 8 API calls 4 library calls 34374->34337 34376 6c685c17 34375->34376 34378 6c685c40 34376->34378 34380 6c685469 34376->34380 34391 6c685a0a 34376->34391 34396 6c685c4a DeleteCriticalSection 34378->34396 34380->34363 34381 6c685638 34380->34381 34411 6c68591f 34381->34411 34383 6c685642 34388 6c68564d 34383->34388 34416 6c6859cd 6 API calls ___vcrt_EventUnregister 34383->34416 34385 6c685668 34385->34365 34386 6c68565b 34386->34385 34417 6c68566b 6 API calls ___vcrt_FlsFree 34386->34417 34388->34365 34389->34363 34390->34370 34397 6c6856f8 34391->34397 34394 6c685a41 InitializeCriticalSectionAndSpinCount 34395 6c685a2d 34394->34395 34395->34376 34396->34380 34398 6c685728 34397->34398 34399 6c68572c 34397->34399 34398->34399 34403 6c68574c 34398->34403 34404 6c685798 34398->34404 34399->34394 34399->34395 34401 6c685758 GetProcAddress 34402 6c685768 __crt_fast_encode_pointer 34401->34402 34402->34399 34403->34399 34403->34401 34405 6c6857c0 LoadLibraryExW 34404->34405 34410 6c6857b5 34404->34410 34406 6c6857dc GetLastError 34405->34406 34407 6c6857f4 34405->34407 34406->34407 34408 6c6857e7 LoadLibraryExW 34406->34408 34409 6c68580b FreeLibrary 34407->34409 34407->34410 34408->34407 34409->34410 34410->34398 34412 6c6856f8 ___vcrt_EventUnregister 5 API calls 34411->34412 34413 6c685939 34412->34413 34414 6c685951 TlsAlloc 34413->34414 34415 6c685942 34413->34415 34415->34383 34416->34386 34417->34388 34419 6c697bad 34418->34419 34420 6c680c5d TranslatorGuardHandler 5 API calls 34419->34420 34421 6c680df8 34420->34421 34421->34335 34421->34374 34423 6c680e18 34422->34423 34426 6c680e1d ___scrt_initialize_onexit_tables ___scrt_release_startup_lock 34422->34426 34423->34426 34427 6c6814b2 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 34423->34427 34425 6c680ea0 34426->34340 34427->34425 34429 6c680f90 34428->34429 34430 6c680f97 34428->34430 34434 6c68dc51 23 API calls __onexit 34429->34434 34435 6c68dcc1 23 API calls __onexit 34430->34435 34433 6c6809c7 34433->34344 34434->34433 34435->34433 34436->34352 34437 6c680c3a 34438 6c680c48 34437->34438 34439 6c680c43 34437->34439 34443 6c680af4 34438->34443 34460 6c6813d5 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 34439->34460 34442 6c680c56 34445 6c680b00 ___DestructExceptionObject 34443->34445 34444 6c680b29 dllmain_raw 34446 6c680b0f ___DestructExceptionObject 34444->34446 34448 6c680b43 dllmain_crt_dispatch 34444->34448 34445->34444 34445->34446 34447 6c680b24 34445->34447 34446->34442 34451 6c680b65 34447->34451 34461 6c68515e 12 API calls 2 library calls 34447->34461 34448->34446 34448->34447 34462 6c67ef28 92 API calls 2 library calls 34451->34462 34452 6c680b70 34453 6c680b9c 34452->34453 34463 6c67ef28 92 API calls 2 library calls 34452->34463 34454 6c680baf 34453->34454 34464 6c6851fa 12 API calls 2 library calls 34453->34464 34454->34446 34456 6c680bb9 dllmain_crt_dispatch 34454->34456 34456->34446 34458 6c680bcc dllmain_raw 34456->34458 34458->34446 34459 6c680b88 dllmain_crt_dispatch dllmain_raw 34459->34453 34460->34438 34461->34451 34462->34452 34463->34459 34464->34454 34465 6c6664b0 34470 6c6808da 34465->34470 34469 6c6664ca 34476 6c6808df 34470->34476 34472 6c6664c1 34477 6c67f888 34472->34477 34476->34472 34489 6c67f02e 34476->34489 34494 6c68b48e 7 API calls 2 library calls 34476->34494 34495 6c6813b8 RaiseException __CxxThrowException@8 new 34476->34495 34496 6c68139b 12 API calls 3 library calls 34476->34496 34478 6c67f894 __EH_prolog3 34477->34478 34499 6c67f643 34478->34499 34484 6c67f90e std::locale::_Locimp::_Locimp_dtor 34484->34469 34488 6c67f8d0 34515 6c67f69b LeaveCriticalSection LeaveCriticalSection std::_Lockit::~_Lockit 34488->34515 34491 6c67f033 34489->34491 34492 6c67f061 34491->34492 34497 6c68b4d2 EnterCriticalSection LeaveCriticalSection _Yarn ___DestructExceptionObject std::_Lockit::_Lockit 34491->34497 34498 6c67efaf HeapAlloc std::locale::_Locimp::_Locimp_dtor 34491->34498 34492->34476 34494->34476 34497->34491 34498->34491 34500 6c67f652 34499->34500 34501 6c67f659 34499->34501 34516 6c68b6e7 EnterCriticalSection std::_Lockit::_Lockit 34500->34516 34503 6c67f657 34501->34503 34517 6c6800dd EnterCriticalSection 34501->34517 34503->34488 34505 6c67f9f8 34503->34505 34506 6c6808da new 15 API calls 34505->34506 34508 6c67fa03 34506->34508 34507 6c67f8b2 34510 6c67fa1d 34507->34510 34508->34507 34518 6c67f6ba HeapAlloc HeapFree EnterCriticalSection LeaveCriticalSection _Yarn 34508->34518 34511 6c67f8ba 34510->34511 34512 6c67fa29 34510->34512 34514 6c67f7de 4 API calls 2 library calls 34511->34514 34519 6c68015d 34512->34519 34514->34488 34515->34484 34516->34503 34517->34503 34518->34507 34520 6c68016d RtlEncodePointer 34519->34520 34521 6c685db7 34519->34521 34520->34511 34543 6c68e98d EnterCriticalSection LeaveCriticalSection _abort 34521->34543 34523 6c685dbc 34524 6c685dc8 34523->34524 34544 6c68e9e8 36 API calls 8 library calls 34523->34544 34526 6c685dd1 IsProcessorFeaturePresent 34524->34526 34527 6c685def 34524->34527 34529 6c685ddc 34526->34529 34551 6c689f77 28 API calls _abort 34527->34551 34545 6c685f8c 34529->34545 34531 6c685df9 34552 6c68b8f3 20 API calls 3 library calls 34531->34552 34534 6c685e21 34553 6c68cba5 20 API calls _free 34534->34553 34536 6c685e2d 34541 6c685e53 34536->34541 34554 6c68b8f3 20 API calls 3 library calls 34536->34554 34538 6c685e47 34555 6c68cba5 20 API calls _free 34538->34555 34542 6c685e5f 34541->34542 34556 6c68f25d 11 API calls 2 library calls 34541->34556 34542->34511 34543->34523 34544->34524 34546 6c685fa8 _abort ___scrt_fastfail 34545->34546 34547 6c685fd4 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 34546->34547 34548 6c6860a5 _abort 34547->34548 34549 6c680c5d TranslatorGuardHandler 5 API calls 34548->34549 34550 6c6860c3 34549->34550 34550->34527 34551->34531 34552->34534 34553->34536 34554->34538 34555->34541 34556->34541 34557 6c69fe51 34572 6c69f564 34557->34572 34562 6c69f4a3 4 API calls 34563 6c69fe83 34562->34563 34564 6c69fe9a 34563->34564 34586 6c69f787 RegCreateKeyExW 34563->34586 34566 6c69feb3 34564->34566 34567 6c69fec4 34564->34567 34595 6c69eefe 62 API calls TranslatorGuardHandler 34566->34595 34570 6c69febb 34570->34567 34596 6c6820b0 34572->34596 34575 6c69f5ad 34576 6c680c5d TranslatorGuardHandler 5 API calls 34575->34576 34577 6c69f5c8 34576->34577 34578 6c69f4a3 34577->34578 34579 6c69f4b2 34578->34579 34598 6c6740d0 RegOpenKeyExW 34579->34598 34584 6c69f4d8 34603 6c673f80 34584->34603 34587 6c69f81b 34586->34587 34588 6c69f7d5 lstrlenW RegSetValueExW 34586->34588 34591 6c680c5d TranslatorGuardHandler 5 API calls 34587->34591 34589 6c69f7f5 RegDeleteValueW 34588->34589 34590 6c69f804 RegCloseKey 34588->34590 34589->34590 34590->34587 34592 6c69f813 RegDeleteKeyW 34590->34592 34593 6c69f82a 34591->34593 34592->34587 34593->34564 34594 6c69f711 8 API calls TranslatorGuardHandler 34593->34594 34594->34564 34595->34570 34597 6c6820c7 GetVersionExW 34596->34597 34597->34575 34599 6c67411b 34598->34599 34600 6c674109 34598->34600 34599->34584 34602 6c674140 RegQueryValueExW 34599->34602 34600->34599 34601 6c67410f RegCloseKey 34600->34601 34601->34599 34602->34584 34604 6c673f89 RegCloseKey 34603->34604 34605 6c673f9d 34603->34605 34604->34605 34605->34562 34606 6c68b731 34607 6c68b78b 34606->34607 34608 6c68b736 34606->34608 34638 6c686183 IsProcessorFeaturePresent 34607->34638 34608->34607 34610 6c68b73b 34608->34610 34642 6c68b8f3 20 API calls 3 library calls 34610->34642 34612 6c68b745 34613 6c68b77c 34612->34613 34643 6c6945cd 40 API calls __cftoe 34612->34643 34644 6c68cba5 20 API calls _free 34613->34644 34616 6c68b782 34617 6c68b795 ___DestructExceptionObject 34621 6c68b7b6 ___DestructExceptionObject 34617->34621 34645 6c68fbb0 36 API calls 3 library calls 34617->34645 34619 6c68b75c 34619->34607 34619->34613 34620 6c68b7c2 34646 6c69486e 41 API calls 2 library calls 34620->34646 34623 6c68c844 __fread_nolock 21 API calls 34626 6c68b7e7 34623->34626 34624 6c686183 __Getctype 11 API calls 34624->34626 34626->34621 34626->34623 34626->34624 34627 6c68b85a 34626->34627 34630 6c68b84a 34626->34630 34647 6c69486e 41 API calls 2 library calls 34626->34647 34649 6c68b688 EnterCriticalSection 34627->34649 34629 6c68b864 34636 6c68b887 34629->34636 34650 6c68cba5 20 API calls _free 34629->34650 34630->34627 34631 6c68b84e 34630->34631 34648 6c68cba5 20 API calls _free 34631->34648 34632 6c68b8bd 34652 6c68b8ea LeaveCriticalSection std::_Lockit::~_Lockit 34632->34652 34636->34632 34651 6c68cba5 20 API calls _free 34636->34651 34639 6c68618e 34638->34639 34640 6c685f8c _abort 8 API calls 34639->34640 34641 6c6861a3 GetCurrentProcess TerminateProcess 34640->34641 34641->34617 34642->34612 34643->34619 34644->34616 34645->34620 34646->34626 34647->34626 34648->34621 34649->34629 34650->34636 34651->34632 34652->34621 34653 6c66171f 34654 6c661722 34653->34654 34657 6c67fdbc 40 API calls 2 library calls 34654->34657 34656 6c661741 34657->34656 34658 6c680912 34659 6c68091d 34658->34659 34660 6c680950 dllmain_crt_process_detach 34658->34660 34661 6c680942 dllmain_crt_process_attach 34659->34661 34662 6c680922 34659->34662 34667 6c68092c 34660->34667 34661->34667 34663 6c680938 34662->34663 34664 6c680927 34662->34664 34669 6c680d42 29 API calls 34663->34669 34664->34667 34668 6c680d61 27 API calls 34664->34668 34668->34667 34669->34667 34670 6c66129a 34671 6c6612ad 34670->34671 34672 6c680fae 23 API calls 34671->34672 34673 6c6612b7 34672->34673 34674 6c666bfb 34675 6c666c36 34674->34675 34676 6c666c03 34674->34676 34684 6c685db7 36 API calls 2 library calls 34675->34684 34682 6c67f854 15 API calls new 34676->34682 34679 6c666c22 34683 6c67f69b LeaveCriticalSection LeaveCriticalSection std::_Lockit::~_Lockit 34679->34683 34681 6c666c2d 34682->34679 34683->34681 34684->34676

                                                                                                    Executed Functions

                                                                                                    Function 6C69F787 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 68registrystringCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • RegCreateKeyExW.KERNEL32(80000002,Software\Google\GCAPITemp,00000000,00000000,00000000,0002021F,00000000,?,?), ref: 6C69F7CB
                                                                                                    • lstrlenW.KERNEL32(?,?,00000000,00000000), ref: 6C69F7D9
                                                                                                    • RegSetValueExW.KERNEL32 ref: 6C69F7EB
                                                                                                    • RegDeleteValueW.KERNEL32 ref: 6C69F7FE
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 6C69F807
                                                                                                    • RegDeleteKeyW.ADVAPI32(80000002,Software\Google\GCAPITemp), ref: 6C69F815
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DeleteValue$CloseCreatelstrlen
                                                                                                    • String ID: Software\Google\GCAPITemp$test
                                                                                                    • API String ID: 495649648-3707622476
                                                                                                    • Opcode ID: 0681ef22409b64629e62bd5d858ebd4abc4e3efcf1659b0fe95062eb8cee9336
                                                                                                    • Instruction ID: 07888a1c6b6bdb332cee585811a9d357da4f3f385fc02a05747e5d61bc116667
                                                                                                    • Opcode Fuzzy Hash: 0681ef22409b64629e62bd5d858ebd4abc4e3efcf1659b0fe95062eb8cee9336
                                                                                                    • Instruction Fuzzy Hash: 0C113471A0121AAFDB00DE969DC9DFFBBBDFB06349F54002AF500A2201D6315E088BB9
                                                                                                    Function 6C694D05 Relevance: 9.2, APIs: 6, Instructions: 216COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 8 6c694d05-6c694d1e 9 6c694d20-6c694d30 call 6c68cb89 8->9 10 6c694d34-6c694d39 8->10 9->10 17 6c694d32 9->17 12 6c694d3b-6c694d43 10->12 13 6c694d46-6c694d6a MultiByteToWideChar 10->13 12->13 15 6c694efd-6c694f10 call 6c680c5d 13->15 16 6c694d70-6c694d7c 13->16 18 6c694d7e-6c694d8f 16->18 19 6c694dd0 16->19 17->10 23 6c694dae-6c694dbf call 6c68c844 18->23 24 6c694d91-6c694da0 call 6c681290 18->24 22 6c694dd2-6c694dd4 19->22 26 6c694dda-6c694ded MultiByteToWideChar 22->26 27 6c694ef2 22->27 23->27 34 6c694dc5 23->34 24->27 33 6c694da6-6c694dac 24->33 26->27 31 6c694df3-6c694e05 call 6c68f364 26->31 32 6c694ef4-6c694efb call 6c680399 27->32 38 6c694e0a-6c694e0e 31->38 32->15 37 6c694dcb-6c694dce 33->37 34->37 37->22 38->27 40 6c694e14-6c694e1b 38->40 41 6c694e1d-6c694e22 40->41 42 6c694e55-6c694e61 40->42 41->32 45 6c694e28-6c694e2a 41->45 43 6c694ead 42->43 44 6c694e63-6c694e74 42->44 46 6c694eaf-6c694eb1 43->46 48 6c694e8f-6c694ea0 call 6c68c844 44->48 49 6c694e76-6c694e85 call 6c681290 44->49 45->27 47 6c694e30-6c694e4a call 6c68f364 45->47 50 6c694eeb-6c694ef1 call 6c680399 46->50 51 6c694eb3-6c694ecc call 6c68f364 46->51 47->32 61 6c694e50 47->61 48->50 64 6c694ea2 48->64 49->50 63 6c694e87-6c694e8d 49->63 50->27 51->50 65 6c694ece-6c694ed5 51->65 61->27 66 6c694ea8-6c694eab 63->66 64->66 67 6c694f11-6c694f17 65->67 68 6c694ed7-6c694ed8 65->68 66->46 69 6c694ed9-6c694ee9 WideCharToMultiByte 67->69 68->69 69->50 70 6c694f19-6c694f20 call 6c680399 69->70 70->32
                                                                                                    APIs
                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,6C6887AF,6C6887AF,?,?,?,6C694F56,00000001,00000001,FCE85006), ref: 6C694D5F
                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6C694F56,00000001,00000001,FCE85006,?,?,?), ref: 6C694DE5
                                                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,FCE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6C694EDF
                                                                                                    • __freea.LIBCMT ref: 6C694EEC
                                                                                                      • Part of subcall function 6C68C844: HeapAlloc.KERNEL32(00000000,0000010C,00000004,?,6C68C8A7,?,00000000,?,6C697B70,0000010C,00000004,?,0000010C,?,?,6C68DB9D), ref: 6C68C876
                                                                                                    • __freea.LIBCMT ref: 6C694EF5
                                                                                                    • __freea.LIBCMT ref: 6C694F1A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide__freea$AllocHeap
                                                                                                    • String ID:
                                                                                                    • API String ID: 3147120248-0
                                                                                                    • Opcode ID: 3d3ee4b38eea008e4659865f0c667878e671abda9f3b5c0adf41bace3baf8456
                                                                                                    • Instruction ID: 18ea9f6b75c442ecf47cfc91c3ba80db0ec2547df9b9f572af1026086e410d47
                                                                                                    • Opcode Fuzzy Hash: 3d3ee4b38eea008e4659865f0c667878e671abda9f3b5c0adf41bace3baf8456
                                                                                                    • Instruction Fuzzy Hash: A0510272602217AFEF158F64DC80EFB37A9EF41718F108629F924D6940DBB4DC45C6A8
                                                                                                    Function 6C680AF4 Relevance: 9.1, APIs: 6, Instructions: 93COMMONLIBRARYCODE
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: dllmain_crt_dispatchdllmain_raw
                                                                                                    • String ID:
                                                                                                    • API String ID: 1382799047-0
                                                                                                    • Opcode ID: f0c5a4332f7e798c7c38490daa4ef77ece6730006cdffe07a0457f4d6ed115da
                                                                                                    • Instruction ID: 3b30199085ddaca3274bf4a5589ee6f42f5e0651a80d70aaea11b3498e73dcc1
                                                                                                    • Opcode Fuzzy Hash: f0c5a4332f7e798c7c38490daa4ef77ece6730006cdffe07a0457f4d6ed115da
                                                                                                    • Instruction Fuzzy Hash: D7219E72D07695ABDB219E658C409AF3A39AF46B58B150E08F82527A10C736C5109BBC
                                                                                                    Function 6C68B731 Relevance: 7.7, APIs: 5, Instructions: 169COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 108 6c68b731-6c68b734 109 6c68b78b-6c68b7a9 call 6c686183 call 6c681630 call 6c68b6f9 108->109 110 6c68b736-6c68b739 108->110 126 6c68b7ae-6c68b7b4 109->126 110->109 112 6c68b73b-6c68b74b call 6c68b8f3 110->112 118 6c68b77c-6c68b78a call 6c68cba5 112->118 119 6c68b74d-6c68b766 call 6c6945cd 112->119 119->109 131 6c68b768-6c68b76b 119->131 129 6c68b7bd-6c68b7ec call 6c68fbb0 call 6c69486e 126->129 130 6c68b7b6-6c68b7b8 126->130 140 6c68b7ee-6c68b7f1 129->140 141 6c68b806-6c68b817 call 6c68c844 129->141 132 6c68b8e1-6c68b8e6 call 6c681676 130->132 131->118 134 6c68b76d 131->134 134->109 134->118 143 6c68b7f8 140->143 144 6c68b7f3-6c68b7f6 140->144 141->130 149 6c68b819-6c68b837 call 6c69486e 141->149 145 6c68b7fd call 6c686183 143->145 144->143 147 6c68b802-6c68b804 144->147 145->147 147->130 147->141 152 6c68b839-6c68b83c 149->152 153 6c68b85a-6c68b874 call 6c68b688 149->153 155 6c68b83e-6c68b841 152->155 156 6c68b843-6c68b848 152->156 159 6c68b890-6c68b89a 153->159 160 6c68b876-6c68b87c 153->160 155->156 158 6c68b84a-6c68b84c 155->158 156->145 158->153 161 6c68b84e-6c68b855 call 6c68cba5 158->161 163 6c68b89c-6c68b8a3 159->163 164 6c68b8c3-6c68b8df call 6c68b8ea 159->164 160->159 162 6c68b87e-6c68b88d call 6c68cba5 160->162 161->130 162->159 163->164 167 6c68b8a5-6c68b8ab 163->167 164->132 167->164 172 6c68b8ad-6c68b8b2 167->172 172->164 173 6c68b8b4-6c68b8be call 6c68cba5 172->173 173->164
                                                                                                    APIs
                                                                                                    • __cftoe.LIBCMT ref: 6C68B757
                                                                                                    • _free.LIBCMT ref: 6C68B77D
                                                                                                    • _free.LIBCMT ref: 6C68B84F
                                                                                                    • _free.LIBCMT ref: 6C68B882
                                                                                                      • Part of subcall function 6C68B8F3: HeapAlloc.KERNEL32(00000008,00000000,00000000,?,6C68FCCF,00000001,00000364,?,?,6C686175,00000000,00000000,00000000,00000000,00000000,0000010C), ref: 6C68B934
                                                                                                    • _free.LIBCMT ref: 6C68B8B8
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free$AllocHeap__cftoe
                                                                                                    • String ID:
                                                                                                    • API String ID: 65443942-0
                                                                                                    • Opcode ID: 94cec299ccc8509af0abbda303736fe8b6561f9cb8587837610384c2b6c8b105
                                                                                                    • Instruction ID: 8b62d494210338fc33a6b7f4f025c134df60c231ed80e1b50a3e7e001167d00b
                                                                                                    • Opcode Fuzzy Hash: 94cec299ccc8509af0abbda303736fe8b6561f9cb8587837610384c2b6c8b105
                                                                                                    • Instruction Fuzzy Hash: FB51FE72903605ABDF108BA98C80FED77B9AFCA328F644329E525E6781DB31D505877C
                                                                                                    Function 6C68EEBB Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 176 6c68eebb-6c68eecf 177 6c68eedc-6c68eef7 LoadLibraryExW 176->177 178 6c68eed1-6c68eeda 176->178 180 6c68eef9-6c68ef02 GetLastError 177->180 181 6c68ef20-6c68ef26 177->181 179 6c68ef33-6c68ef35 178->179 182 6c68ef11 180->182 183 6c68ef04-6c68ef0f LoadLibraryExW 180->183 184 6c68ef28-6c68ef29 FreeLibrary 181->184 185 6c68ef2f 181->185 186 6c68ef13-6c68ef15 182->186 183->186 184->185 187 6c68ef31-6c68ef32 185->187 186->181 188 6c68ef17-6c68ef1e 186->188 187->179 188->187
                                                                                                    APIs
                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,6C68EE62,00000000,00000000,00000000,00000000,?,6C68F12C,00000006,FlsSetValue), ref: 6C68EEED
                                                                                                    • GetLastError.KERNEL32(?,6C68EE62,00000000,00000000,00000000,00000000,?,6C68F12C,00000006,FlsSetValue,6C6AF920,6C6AF928,00000000,00000364,?,6C68FCEC), ref: 6C68EEF9
                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6C68EE62,00000000,00000000,00000000,00000000,?,6C68F12C,00000006,FlsSetValue,6C6AF920,6C6AF928,00000000), ref: 6C68EF07
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                    • String ID:
                                                                                                    • API String ID: 3177248105-0
                                                                                                    • Opcode ID: 0b6c3a0a7f3f1ca0343ab53c6db82ad5097fbf7c3150400f344c4a1e764ff7fa
                                                                                                    • Instruction ID: c44d5995c30e12a56afee56991d48ebc81f9c2c9cee7ee5a75cf876f046b188a
                                                                                                    • Opcode Fuzzy Hash: 0b6c3a0a7f3f1ca0343ab53c6db82ad5097fbf7c3150400f344c4a1e764ff7fa
                                                                                                    • Instruction Fuzzy Hash: 5901F73A757222ABCB114ABEDC84A4A37B8EF0A7A5F110620F905D3541C720E801CBF8
                                                                                                    Function 6C69750D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 168COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 189 6c69750d-6c697531 call 6c6970a0 192 6c697541-6c697548 189->192 193 6c697533-6c69753c call 6c697113 189->193 195 6c69754b-6c697551 192->195 201 6c6976ee-6c6976fd call 6c680c5d 193->201 196 6c697641-6c697660 call 6c6820b0 195->196 197 6c697557-6c697563 195->197 209 6c697663-6c697668 196->209 197->195 199 6c697565-6c69756b 197->199 202 6c697639-6c69763c 199->202 203 6c697571-6c697577 199->203 208 6c6976ed 202->208 203->202 207 6c69757d-6c697589 IsValidCodePage 203->207 207->202 210 6c69758f-6c69759c GetCPInfo 207->210 208->201 211 6c69766a-6c69766f 209->211 212 6c69769f-6c6976a9 209->212 213 6c6975a2-6c6975c3 call 6c6820b0 210->213 214 6c697626-6c69762c 210->214 216 6c69769c 211->216 217 6c697671-6c697677 211->217 212->209 215 6c6976ab-6c6976d2 call 6c697062 212->215 228 6c6975c5-6c6975cc 213->228 229 6c697616 213->229 214->202 220 6c69762e-6c697634 call 6c697113 214->220 231 6c6976d3-6c6976e2 215->231 216->212 218 6c697690-6c697692 217->218 222 6c697679-6c69767f 218->222 223 6c697694-6c69769a 218->223 235 6c6976ea-6c6976eb 220->235 222->223 227 6c697681-6c69768c 222->227 223->211 223->216 227->218 233 6c6975ef-6c6975f2 228->233 234 6c6975ce-6c6975d3 228->234 232 6c697619-6c697621 229->232 231->231 236 6c6976e4-6c6976e5 call 6c697178 231->236 232->236 239 6c6975f7-6c6975fe 233->239 234->233 237 6c6975d5-6c6975db 234->237 235->208 236->235 241 6c6975e3-6c6975e5 237->241 239->239 240 6c697600-6c697614 call 6c697062 239->240 240->232 243 6c6975dd-6c6975e2 241->243 244 6c6975e7-6c6975ed 241->244 243->241 244->233 244->234
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C6970A0: GetOEMCP.KERNEL32(00000000,6C697329,?,?,?), ref: 6C6970CB
                                                                                                    • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,6C697370,?,00000000,?,6C6BED20), ref: 6C697581
                                                                                                    • GetCPInfo.KERNEL32(00000000,?,?,?,?,6C697370,?,00000000,?,6C6BED20), ref: 6C697594
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CodeInfoPageValid
                                                                                                    • String ID: kl
                                                                                                    • API String ID: 546120528-1450203147
                                                                                                    • Opcode ID: 901eda929ee746933ef95056e5951ba6f8f36817ae5d3800cc336a0829475b50
                                                                                                    • Instruction ID: 8f06146636c0700da384eeeda44e9f0d3782d2e1b136f12dd669d5ff4a11c816
                                                                                                    • Opcode Fuzzy Hash: 901eda929ee746933ef95056e5951ba6f8f36817ae5d3800cc336a0829475b50
                                                                                                    • Instruction Fuzzy Hash: 29512371A0434B9FDB108F7AC8907EABBF6EF42308F14456EC0958BA40EB359145CB9C
                                                                                                    Function 6C6856F8 Relevance: 4.6, APIs: 3, Instructions: 66libraryloaderCOMMONLIBRARYCODE
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 246 6c6856f8-6c685726 247 6c685728-6c68572a 246->247 248 6c685791 246->248 249 6c68572c-6c68572e 247->249 250 6c685730-6c685736 247->250 251 6c685793-6c685797 248->251 249->251 252 6c685738-6c68573a call 6c685798 250->252 253 6c685752 250->253 258 6c68573f-6c685742 252->258 254 6c685754-6c685756 253->254 256 6c685758-6c685766 GetProcAddress 254->256 257 6c685781-6c68578f 254->257 259 6c685768-6c685771 call 6c680c73 256->259 260 6c68577b 256->260 257->248 261 6c685773-6c685779 258->261 262 6c685744-6c68574a 258->262 259->249 260->257 261->254 262->252 263 6c68574c 262->263 263->253
                                                                                                    APIs
                                                                                                    • try_get_module.LIBVCRUNTIME ref: 6C68573A
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000001,00000001,00000000,?,?,6C685973,00000005,FlsFree,6C6AD74C,6C6AD754,00000000,?,6C68567B,00000005,6C6854C7), ref: 6C68575C
                                                                                                    • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 6C685769
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc__crt_fast_encode_pointertry_get_module
                                                                                                    • String ID:
                                                                                                    • API String ID: 2417418378-0
                                                                                                    • Opcode ID: d730fa93f71afa9176b966279cf660aceb80334c9b6876499602c5bbabd866b6
                                                                                                    • Instruction ID: 9fcf9a44a587617e1377604fc043384478c6f44510285bf17f977cd03e6a7738
                                                                                                    • Opcode Fuzzy Hash: d730fa93f71afa9176b966279cf660aceb80334c9b6876499602c5bbabd866b6
                                                                                                    • Instruction Fuzzy Hash: 0B11C437B02521DBFF16CE29D88059A73A5AB46364B52C225EC26EB644D630DC4186FC
                                                                                                    Function 6C666BFB Relevance: 4.5, APIs: 3, Instructions: 26COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 266 6c666bfb-6c666c01 267 6c666c36 call 6c685db7 266->267 268 6c666c03-6c666c16 266->268 269 6c666c3b-6c666c3f 267->269 268->269 270 6c666c18 268->270 272 6c666c1c-6c666c35 call 6c67f854 call 6c67f69b 269->272 270->272
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: std::_$Facet_LockitLockit::~_Register_abort
                                                                                                    • String ID:
                                                                                                    • API String ID: 1351560015-0
                                                                                                    • Opcode ID: 3dd587a247a139696e6f3da17f2b3695928f645bdf54e0a0d1ae513d156eb34c
                                                                                                    • Instruction ID: 8b85029cd2a23e0d288a7c693f9ace114cacf84b5e279db279a4a238424e3b3c
                                                                                                    • Opcode Fuzzy Hash: 3dd587a247a139696e6f3da17f2b3695928f645bdf54e0a0d1ae513d156eb34c
                                                                                                    • Instruction Fuzzy Hash: 5DE09275A018144B8710DF5EA94089CB3A4DB153297240A66E82AD7F50EB31DE1A86DF
                                                                                                    Function 6C697178 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 132COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 279 6c697178-6c6971ac GetCPInfo 280 6c6972a2-6c6972af 279->280 281 6c6971b2 279->281 282 6c6972b5-6c6972c5 280->282 283 6c6971b4-6c6971be 281->283 284 6c6972d1-6c6972d8 282->284 285 6c6972c7-6c6972cf 282->285 283->283 286 6c6971c0-6c6971d3 283->286 288 6c6972e8 284->288 289 6c6972da-6c6972e1 284->289 287 6c6972e4-6c6972e6 285->287 290 6c6971f4-6c6971f6 286->290 293 6c6972ea-6c6972f9 287->293 288->293 289->287 291 6c6971f8-6c69722f call 6c694be8 call 6c694f22 290->291 292 6c6971d5-6c6971dc 290->292 304 6c697234-6c69725f call 6c694f22 291->304 296 6c6971eb-6c6971ed 292->296 293->282 295 6c6972fb-6c69730b call 6c680c5d 293->295 297 6c6971ef-6c6971f2 296->297 298 6c6971de-6c6971e0 296->298 297->290 298->297 303 6c6971e2-6c6971ea 298->303 303->296 307 6c697261-6c69726b 304->307 308 6c69727b-6c69727d 307->308 309 6c69726d-6c697279 307->309 311 6c69727f-6c697284 308->311 312 6c697294 308->312 310 6c69728b-6c697292 309->310 313 6c69729b-6c69729e 310->313 311->310 312->313 313->307 314 6c6972a0 313->314 314->295
                                                                                                    APIs
                                                                                                    • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 6C69719D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Info
                                                                                                    • String ID: kl
                                                                                                    • API String ID: 1807457897-1450203147
                                                                                                    • Opcode ID: b889663739daa801ea0c07bb71b3bd11579e82ce8c2e12aadc67e4f4878686e5
                                                                                                    • Instruction ID: 5f155de3607008f1347e6489c50bf1b61eda1b1a9bba3f1286bd634efb6be24f
                                                                                                    • Opcode Fuzzy Hash: b889663739daa801ea0c07bb71b3bd11579e82ce8c2e12aadc67e4f4878686e5
                                                                                                    • Instruction Fuzzy Hash: 00414C7050838D9BDF218E68CC84BF67BBDEF46308F1404EDE59987542D635AA45CF29
                                                                                                    Function 6C68F003 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30memoryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 315 6c68f003-6c68f025 call 6c68ee1f 317 6c68f02a-6c68f031 315->317 318 6c68f042 TlsAlloc 317->318 319 6c68f033-6c68f040 317->319 320 6c68f048-6c68f056 call 6c680c5d 318->320 319->320
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Alloc
                                                                                                    • String ID: FlsAlloc
                                                                                                    • API String ID: 2773662609-671089009
                                                                                                    • Opcode ID: c2f79576d150632134c1ffefedc52ef2c812f67c36e0b0cbc77ede8eb354b4b4
                                                                                                    • Instruction ID: 17338e11cea7555dc444f5ef6b6a5cea5421a56531dc136cf9692e56516e263c
                                                                                                    • Opcode Fuzzy Hash: c2f79576d150632134c1ffefedc52ef2c812f67c36e0b0cbc77ede8eb354b4b4
                                                                                                    • Instruction Fuzzy Hash: 21E0E535746118BBC7215F969C04AAD7BA4DF56310F000555F80557A00DA316E228AFF
                                                                                                    Function 6C69730C Relevance: 3.1, APIs: 2, Instructions: 95COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 325 6c69730c-6c697338 call 6c697419 call 6c6970a0 330 6c69733a-6c69733c 325->330 331 6c69733e-6c697353 call 6c68c844 325->331 332 6c697391-6c697394 330->332 335 6c697383 331->335 336 6c697355-6c69736b call 6c69750d 331->336 338 6c697385-6c697390 call 6c68cba5 335->338 339 6c697370-6c697376 336->339 338->332 341 6c697378-6c69737d call 6c68abdd 339->341 342 6c697395-6c697399 339->342 341->335 344 6c69739b call 6c691acb 342->344 345 6c6973a0-6c6973ab 342->345 344->345 348 6c6973ad-6c6973b7 345->348 349 6c6973c2-6c6973dc 345->349 348->349 351 6c6973b9-6c6973c1 call 6c68cba5 348->351 349->338 352 6c6973de-6c6973e5 349->352 351->349 352->338 354 6c6973e7-6c697404 call 6c696fb7 352->354 354->338 358 6c69740a-6c697414 354->358 358->338
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C697419: _abort.LIBCMT ref: 6C697446
                                                                                                      • Part of subcall function 6C697419: _free.LIBCMT ref: 6C697479
                                                                                                      • Part of subcall function 6C6970A0: GetOEMCP.KERNEL32(00000000,6C697329,?,?,?), ref: 6C6970CB
                                                                                                    • _free.LIBCMT ref: 6C697386
                                                                                                    • _free.LIBCMT ref: 6C6973BC
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free$_abort
                                                                                                    • String ID:
                                                                                                    • API String ID: 195396716-0
                                                                                                    • Opcode ID: 7a53947391b05b930e77fec72f44fc8199079b4aa4702dd8fe0593d6c0b0cb20
                                                                                                    • Instruction ID: 750fc08b3bd67854e659a62b18345ae337b37b11d282a130679e3d02e6ea0a8b
                                                                                                    • Opcode Fuzzy Hash: 7a53947391b05b930e77fec72f44fc8199079b4aa4702dd8fe0593d6c0b0cb20
                                                                                                    • Instruction Fuzzy Hash: 3731B27150424AAFDB01DF69C880BCA7BF5EF42328F154169EE149BA90EB329C94CB58
                                                                                                    Function 6C68EE1F Relevance: 3.1, APIs: 2, Instructions: 65libraryloaderCOMMONLIBRARYCODE
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 359 6c68ee1f-6c68ee49 360 6c68ee4b-6c68ee4d 359->360 361 6c68eeb4 359->361 363 6c68ee4f-6c68ee51 360->363 364 6c68ee53-6c68ee59 360->364 362 6c68eeb6-6c68eeba 361->362 363->362 365 6c68ee5b-6c68ee5d call 6c68eebb 364->365 366 6c68ee75 364->366 369 6c68ee62-6c68ee65 365->369 368 6c68ee77-6c68ee79 366->368 370 6c68ee7b-6c68ee89 GetProcAddress 368->370 371 6c68eea4-6c68eeb2 368->371 372 6c68ee96-6c68ee9c 369->372 373 6c68ee67-6c68ee6d 369->373 374 6c68ee8b-6c68ee94 call 6c680c73 370->374 375 6c68ee9e 370->375 371->361 372->368 373->365 376 6c68ee6f 373->376 374->363 375->371 376->366
                                                                                                    APIs
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,6C68F12C,00000006,FlsSetValue,6C6AF920,6C6AF928,00000000,00000364,?,6C68FCEC,00000000), ref: 6C68EE7F
                                                                                                    • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 6C68EE8C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc__crt_fast_encode_pointer
                                                                                                    • String ID:
                                                                                                    • API String ID: 2279764990-0
                                                                                                    • Opcode ID: 82715943b234865fac44219da915354a491d963b6849fef738b7af3f456fc710
                                                                                                    • Instruction ID: f16a2760a7010392f801900aa65c11a60d332eea8373903cc2424b1ee734d361
                                                                                                    • Opcode Fuzzy Hash: 82715943b234865fac44219da915354a491d963b6849fef738b7af3f456fc710
                                                                                                    • Instruction Fuzzy Hash: E6110D3BB03521DBDF119D1DC88888B77B59B81724B124211ED24AF644D730DC0386FD
                                                                                                    Function 6C6664B0 Relevance: 3.0, APIs: 2, Instructions: 39COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 379 6c6664b0-6c6664c5 call 6c6808da call 6c67f888 383 6c6664ca-6c66652e 379->383
                                                                                                    APIs
                                                                                                    • new.LIBCMT ref: 6C6664BC
                                                                                                    • std::locale::_Init.LIBCPMT ref: 6C6664C5
                                                                                                      • Part of subcall function 6C67F888: __EH_prolog3.LIBCMT ref: 6C67F88F
                                                                                                      • Part of subcall function 6C67F888: std::_Lockit::_Lockit.LIBCPMT ref: 6C67F89A
                                                                                                      • Part of subcall function 6C67F888: std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 6C67F8AD
                                                                                                      • Part of subcall function 6C67F888: std::locale::_Setgloballocale.LIBCPMT ref: 6C67F8B5
                                                                                                      • Part of subcall function 6C67F888: _Yarn.LIBCPMT ref: 6C67F8CB
                                                                                                      • Part of subcall function 6C67F888: std::_Lockit::~_Lockit.LIBCPMT ref: 6C67F909
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: std::locale::_$Lockitstd::_$H_prolog3InitLocimpLocimp::_Lockit::_Lockit::~_New_SetgloballocaleYarn
                                                                                                    • String ID:
                                                                                                    • API String ID: 2548088810-0
                                                                                                    • Opcode ID: 2bca7dce2e38341f650341318013080eb77d28cadf3862c665f632a2a21df873
                                                                                                    • Instruction ID: 1738b77be2d58d7f394fe8146f72d478ab472ddd80db44f014dbf31a5ff7d6cd
                                                                                                    • Opcode Fuzzy Hash: 2bca7dce2e38341f650341318013080eb77d28cadf3862c665f632a2a21df873
                                                                                                    • Instruction Fuzzy Hash: B51158B5601A06AFD3058F25D940B82BBF4BB09310F01826AD8088BB50E7B5B965CFE4
                                                                                                    Function 6C6740D0 Relevance: 3.0, APIs: 2, Instructions: 39registryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 384 6c6740d0-6c674107 RegOpenKeyExW 385 6c67412c-6c674132 384->385 386 6c674109-6c67410d 384->386 387 6c67410f-6c674118 RegCloseKey 386->387 388 6c67411b-6c674129 386->388 387->388 388->385
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseOpen
                                                                                                    • String ID:
                                                                                                    • API String ID: 47109696-0
                                                                                                    • Opcode ID: f83b27b2c2f25a63e7d1c42cccc668f3c3e0c2c7cf0f74e717b98304a6dfb1b2
                                                                                                    • Instruction ID: 5d9fe130b2bf6fc6bccd9a3faaf832ff765b3cbbac4a5c04f087e67f98a8af66
                                                                                                    • Opcode Fuzzy Hash: f83b27b2c2f25a63e7d1c42cccc668f3c3e0c2c7cf0f74e717b98304a6dfb1b2
                                                                                                    • Instruction Fuzzy Hash: 45F03175205305AFD7208F5AD845B6BFBE8FB99325F10892EF998C3240D770A914CFA5
                                                                                                    Function 6C685638 Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 389 6c685638-6c68563d call 6c68591f 391 6c685642-6c68564b 389->391 392 6c68564d-6c68564f 391->392 393 6c685650-6c68565f call 6c6859cd 391->393 396 6c685668-6c68566a 393->396 397 6c685661-6c685666 call 6c68566b 393->397 397->392
                                                                                                    APIs
                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6C685656
                                                                                                    • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 6C685661
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                                    • String ID:
                                                                                                    • API String ID: 1660781231-0
                                                                                                    • Opcode ID: 08b409a29d057f00069ee83294f4c28fa14990a7586a285507c5e44e4d471a31
                                                                                                    • Instruction ID: 269d28ca47ec1ea152fd16cbbaccdbb90501b3b54efb0b0103edce0783523a52
                                                                                                    • Opcode Fuzzy Hash: 08b409a29d057f00069ee83294f4c28fa14990a7586a285507c5e44e4d471a31
                                                                                                    • Instruction Fuzzy Hash: F8D0A76144B74094FD00257515408C533A8060337879407C6D12385DE5FB158084993E
                                                                                                    Function 6C666566 Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • std::ios_base::_Addstd.LIBCPMT ref: 6C6665A9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Addstdstd::ios_base::_
                                                                                                    • String ID:
                                                                                                    • API String ID: 2228453158-0
                                                                                                    • Opcode ID: bba149e2847bf6d5ea606f801ce04560f49c6cb51a60ec6139c43f110912eeb6
                                                                                                    • Instruction ID: 25045f6f6f14cdef57ee9c81251327a2b4f5ada1f16e5172581c4192ac77fbf3
                                                                                                    • Opcode Fuzzy Hash: bba149e2847bf6d5ea606f801ce04560f49c6cb51a60ec6139c43f110912eeb6
                                                                                                    • Instruction Fuzzy Hash: 33F0F6717002005FEB108F66E486B69B7A1FB85318F144169E946CBF85D771EC54CBA7
                                                                                                    Function 6C661716 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Getctype
                                                                                                    • String ID:
                                                                                                    • API String ID: 2085600672-0
                                                                                                    • Opcode ID: 9c5a31e522e52e8ab5dd19970eb636d2cc22d72d4425ee7aaa27f33dbe2bb4af
                                                                                                    • Instruction ID: 3ecba3b4b3398e392230167d916fb181a719a1ecdea796f50472b79505d169f7
                                                                                                    • Opcode Fuzzy Hash: 9c5a31e522e52e8ab5dd19970eb636d2cc22d72d4425ee7aaa27f33dbe2bb4af
                                                                                                    • Instruction Fuzzy Hash: CAE0DFF2C101058AC300CF58D4416E8FBB8EF29304F10821BC81992E11FB30A5ADC69A
                                                                                                    Function 6C66171F Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Getctype
                                                                                                    • String ID:
                                                                                                    • API String ID: 2085600672-0
                                                                                                    • Opcode ID: 7ffe08c7df5d924a00f1d64449295f6ecf747139dd43ab32a94d171263a29b45
                                                                                                    • Instruction ID: 64cb6a16805fd2244a5983cef50cf7aef56e857aff2a6b3593a0ec08f5aff062
                                                                                                    • Opcode Fuzzy Hash: 7ffe08c7df5d924a00f1d64449295f6ecf747139dd43ab32a94d171263a29b45
                                                                                                    • Instruction Fuzzy Hash: 1CE0D8F2C001058AD304CF48D4416E8F7B4FF25304F10815BC81992A11FB30A1DDC799
                                                                                                    Function 6C674140 Relevance: 1.5, APIs: 1, Instructions: 14registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RegQueryValueExW.KERNEL32(80000002,00020219,00000000,00000000,00000000,00000000), ref: 6C674150
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: QueryValue
                                                                                                    • String ID:
                                                                                                    • API String ID: 3660427363-0
                                                                                                    • Opcode ID: 2084fdcbb4ca5c82d8d70dc9bcc99c3621baabbc322fa79cb5c5dfc96a023151
                                                                                                    • Instruction ID: addf7bfdf501865083af4cd9688f0be8f907ec1cfa809cfe8939a2c3f3489e43
                                                                                                    • Opcode Fuzzy Hash: 2084fdcbb4ca5c82d8d70dc9bcc99c3621baabbc322fa79cb5c5dfc96a023151
                                                                                                    • Instruction Fuzzy Hash: ECC08C323D43087BEB201AB2DC03F143A68E722F05F300021B306AC0E0C1A370209A4C
                                                                                                    Function 6C66158D Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6C66158F
                                                                                                      • Part of subcall function 6C67F98B: _Yarn.LIBCPMT ref: 6C67F9AA
                                                                                                      • Part of subcall function 6C67F98B: _Yarn.LIBCPMT ref: 6C67F9CE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Yarn$Locinfo::_Locinfo_ctorstd::_
                                                                                                    • String ID:
                                                                                                    • API String ID: 3704895665-0
                                                                                                    • Opcode ID: d080491ecb3bdb019867609d9e89bbc9f6e145d7bf60d3e842f61abc602108ad
                                                                                                    • Instruction ID: d681241fa73889f737843ff9c432ccbb044934eff174ac18c97bab8da85cea2b
                                                                                                    • Opcode Fuzzy Hash: d080491ecb3bdb019867609d9e89bbc9f6e145d7bf60d3e842f61abc602108ad
                                                                                                    • Instruction Fuzzy Hash: 54B01293B11024120010544C3C01CFAF20CC7270167040163ED04C1700E5020D3503FF

                                                                                                    Non-executed Functions

                                                                                                    Function 6C69FFEC Relevance: 25.7, APIs: 17, Instructions: 233comthreadCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CoInitializeEx.OLE32(00000000,00000002), ref: 6C6A0024
                                                                                                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000002,00000000,00000040,00000000), ref: 6C6A0039
                                                                                                    • CoUninitialize.OLE32 ref: 6C6A02D1
                                                                                                      • Part of subcall function 6C69F4F1: GetCurrentProcess.KERNEL32(00000008,?), ref: 6C69F50F
                                                                                                      • Part of subcall function 6C69F4F1: OpenProcessToken.ADVAPI32(00000000), ref: 6C69F516
                                                                                                      • Part of subcall function 6C69F4F1: GetTokenInformation.ADVAPI32(?,00000012(TokenIntegrityLevel),?,00000004,00000000), ref: 6C69F53A
                                                                                                      • Part of subcall function 6C69F4F1: CloseHandle.KERNEL32(?), ref: 6C69F547
                                                                                                    • GetCurrentProcessId.KERNEL32(?), ref: 6C6A0064
                                                                                                      • Part of subcall function 6C69F383: OpenProcess.KERNEL32(00000400,00000001,?,00000000,00000000), ref: 6C69F396
                                                                                                    • GetShellWindow.USER32 ref: 6C6A0087
                                                                                                    • GetWindowThreadProcessId.USER32(00000000), ref: 6C6A008E
                                                                                                    • LocalFree.KERNEL32(?), ref: 6C6A00A2
                                                                                                    • OpenProcess.KERNEL32(00000440,00000001,?), ref: 6C6A00EA
                                                                                                    • OpenProcessToken.ADVAPI32(?,0000000A,?,00000000), ref: 6C6A0131
                                                                                                    • DuplicateTokenEx.ADVAPI32(?,0000000F,00000000,00000002,00000001,?), ref: 6C6A014E
                                                                                                    • ImpersonateLoggedOnUser.ADVAPI32(?), ref: 6C6A015E
                                                                                                    • CloseHandle.KERNEL32(?), ref: 6C6A018C
                                                                                                    • CloseHandle.KERNEL32(?), ref: 6C6A019C
                                                                                                    • LocalFree.KERNEL32(?), ref: 6C6A01AF
                                                                                                    • LocalFree.KERNEL32(?), ref: 6C6A01BB
                                                                                                    • CoCreateInstance.OLE32(6C6B65CC,00000000,00000004,6C6B65BC,?), ref: 6C6A01F0
                                                                                                    • RevertToSelf.ADVAPI32(00000001,00000000), ref: 6C6A02A7
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Process$OpenToken$CloseFreeHandleLocal$CurrentInitializeWindow$CreateDuplicateImpersonateInformationInstanceLoggedRevertSecuritySelfShellThreadUninitializeUser
                                                                                                    • String ID:
                                                                                                    • API String ID: 1086148846-0
                                                                                                    • Opcode ID: f338248889276979dae78c2e1d6f0a171fddc2179b5b197c0bc5c6836dfd01e3
                                                                                                    • Instruction ID: 6c1a048febcb75eb3287e286beebbf37032c0425aaf5f40286c1cd862fad91b7
                                                                                                    • Opcode Fuzzy Hash: f338248889276979dae78c2e1d6f0a171fddc2179b5b197c0bc5c6836dfd01e3
                                                                                                    • Instruction Fuzzy Hash: 56812D71905219AFEF20DFA1DC84FEEB779BF46308F10409AE51AA2641DB359D49CF28
                                                                                                    Function 6C67B6C0 Relevance: 25.0, APIs: 13, Strings: 1, Instructions: 504COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C67D530: new.LIBCMT ref: 6C67D54D
                                                                                                    • new.LIBCMT ref: 6C67B811
                                                                                                    • SetHandleInformation.KERNEL32 ref: 6C67B8AA
                                                                                                      • Part of subcall function 6C67B5D0: GetCurrentProcess.KERNEL32(00000001,?,00000001), ref: 6C67B5F4
                                                                                                      • Part of subcall function 6C67FC31: std::invalid_argument::invalid_argument.LIBCONCRT ref: 6C67FC3D
                                                                                                      • Part of subcall function 6C67FC31: __CxxThrowException@8.LIBVCRUNTIME ref: 6C67FC4B
                                                                                                    Strings
                                                                                                    • invalid vector<T> subscript, xrefs: 6C67BE32
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CurrentException@8HandleInformationProcessThrowstd::invalid_argument::invalid_argument
                                                                                                    • String ID: invalid vector<T> subscript
                                                                                                    • API String ID: 2615769013-3016609489
                                                                                                    • Opcode ID: 675c2e2162443b0c25d949c68f1e8aacaf9f40cb87adfde6635837139ce3a219
                                                                                                    • Instruction ID: 41ed4bf709292a4cd9e3faf662520e9529f97a57914e824cca780dd91e818b48
                                                                                                    • Opcode Fuzzy Hash: 675c2e2162443b0c25d949c68f1e8aacaf9f40cb87adfde6635837139ce3a219
                                                                                                    • Instruction Fuzzy Hash: 621239716093409FD720CF25C894B9BB7E4BF85318F144E1DF4A997A90DB34E948CBAA
                                                                                                    Function 6C672A20 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 156libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(00000000), ref: 6C672A4E
                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,IsWow64Process), ref: 6C672A64
                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 6C672A6B
                                                                                                    • GetVersionExW.KERNEL32(0000011C), ref: 6C672AE0
                                                                                                    • GetNativeSystemInfo.KERNEL32(?), ref: 6C672B3C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressCurrentHandleInfoModuleNativeProcProcessSystemVersion
                                                                                                    • String ID: GetProductInfo$IsWow64Process$kernel32.dll
                                                                                                    • API String ID: 1167739923-1263506661
                                                                                                    • Opcode ID: 97cb890b57c5969e5154f6d42eb256dfcbf1bb80f4efb36362a7eefc1a63bc77
                                                                                                    • Instruction ID: 0280ed268861506b70bda79e5e145bf405e0c7c5d166460f05534f359dea3af0
                                                                                                    • Opcode Fuzzy Hash: 97cb890b57c5969e5154f6d42eb256dfcbf1bb80f4efb36362a7eefc1a63bc77
                                                                                                    • Instruction Fuzzy Hash: 82517070A01619CBDB70CF65C9487EAB7F4EF09308F10099EE44AD7650D775AA94CF98
                                                                                                    Function 6C692301 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 461COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free$_memcmp
                                                                                                    • String ID: C
                                                                                                    • API String ID: 789029625-1037565863
                                                                                                    • Opcode ID: 8fcf98c666e11387d8d85bab14a24275ce0f8d950c970f71eef17d783df26def
                                                                                                    • Instruction ID: 6383f192cd1f5f8048ca6772a518f7f8957155a4db11b5d78374ffdaf8426b9b
                                                                                                    • Opcode Fuzzy Hash: 8fcf98c666e11387d8d85bab14a24275ce0f8d950c970f71eef17d783df26def
                                                                                                    • Instruction Fuzzy Hash: 07029075A0521A9BDB24DF19CC98BE9B3B4FF05708F1445EAD809A7B50E731AE84CF48
                                                                                                    Function 6C698517 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __floor_pentium4
                                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                    • API String ID: 4168288129-2761157908
                                                                                                    • Opcode ID: 86691879214d66f2a04390469d9341d15f535d631e3345604bd7e2c6b46a7816
                                                                                                    • Instruction ID: c70fad0cd6be372da6c78f0da1cbe74b0bd600435c56e63a5ce3c3c6344865fd
                                                                                                    • Opcode Fuzzy Hash: 86691879214d66f2a04390469d9341d15f535d631e3345604bd7e2c6b46a7816
                                                                                                    • Instruction Fuzzy Hash: 49C27C71E0962A8FDB25CE28DD407EAB3B5FB89308F1441EAD41DE7640E775AE818F44
                                                                                                    Function 6C675D10 Relevance: 10.0, APIs: 4, Strings: 1, Instructions: 1234COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: inity
                                                                                                    • API String ID: 0-2893408212
                                                                                                    • Opcode ID: d88607f852e93ef2076318368b91b27cb2f58a8a09c04fa52134f33e4cad9e0a
                                                                                                    • Instruction ID: a3d25c59f2e939c9f09dbf345494ad19bb242ec608340cab68675123effe4b23
                                                                                                    • Opcode Fuzzy Hash: d88607f852e93ef2076318368b91b27cb2f58a8a09c04fa52134f33e4cad9e0a
                                                                                                    • Instruction Fuzzy Hash: 15C29970A08B428BC725CF29C49035BB7F6BFCA358F148E1EE49997650EB34D485CB5A
                                                                                                    Function 6C69B452 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002), ref: 6C69B4EB
                                                                                                    • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002), ref: 6C69B514
                                                                                                    • GetACP.KERNEL32 ref: 6C69B529
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InfoLocale
                                                                                                    • String ID: ACP$OCP
                                                                                                    • API String ID: 2299586839-711371036
                                                                                                    • Opcode ID: 55a7e7a5d800caaadcdd147cb1c29aa7ef80a714862410bba9d3f39b5b18d77d
                                                                                                    • Instruction ID: a17603141aabf91ced9a4608687ce21c5dc831687868909d575baaa494113641
                                                                                                    • Opcode Fuzzy Hash: 55a7e7a5d800caaadcdd147cb1c29aa7ef80a714862410bba9d3f39b5b18d77d
                                                                                                    • Instruction Fuzzy Hash: 99210332605106AAE7308F56D900B9773B6EFC4F28B5A8565E809D7904E732DD40D798
                                                                                                    Function 6C69B626 Relevance: 7.7, APIs: 5, Instructions: 188COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C68FBB0: GetLastError.KERNEL32(00000008,6C661DE7,6C68EBE2,6C685DC7), ref: 6C68FBB4
                                                                                                      • Part of subcall function 6C68FBB0: _free.LIBCMT ref: 6C68FBE7
                                                                                                      • Part of subcall function 6C68FBB0: SetLastError.KERNEL32(00000000,00000008,6C661DE7), ref: 6C68FC28
                                                                                                      • Part of subcall function 6C68FBB0: _abort.LIBCMT ref: 6C68FC2E
                                                                                                      • Part of subcall function 6C68FBB0: _free.LIBCMT ref: 6C68FC0F
                                                                                                      • Part of subcall function 6C68FBB0: SetLastError.KERNEL32(00000000,00000008,6C661DE7), ref: 6C68FC1C
                                                                                                    • GetUserDefaultLCID.KERNEL32 ref: 6C69B732
                                                                                                    • IsValidCodePage.KERNEL32(00000000), ref: 6C69B78D
                                                                                                    • IsValidLocale.KERNEL32(?,00000001), ref: 6C69B79C
                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 6C69B7E4
                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 6C69B803
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
                                                                                                    • String ID:
                                                                                                    • API String ID: 745075371-0
                                                                                                    • Opcode ID: a4737589949cca2f903deeb23f4831df291bdbabbccb754ecd42eea075322c32
                                                                                                    • Instruction ID: 8ac5603d33c04b2f1da32cb6c69d9fdd75177d5651d7be806d893ab257f4494c
                                                                                                    • Opcode Fuzzy Hash: a4737589949cca2f903deeb23f4831df291bdbabbccb754ecd42eea075322c32
                                                                                                    • Instruction Fuzzy Hash: E1516271A01206AFEF20DFA5CC84AFE73B9EF85704F144569E914EB640E770D944CB69
                                                                                                    Function 6C69057E Relevance: 7.7, APIs: 5, Instructions: 171timeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6C6AF9F4), ref: 6C6905E8
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,6C6BEC4C,000000FF,00000000,0000003F,00000000,?,?), ref: 6C690660
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,6C6BECA0,000000FF,?,0000003F,00000000,?), ref: 6C69068D
                                                                                                    • _free.LIBCMT ref: 6C6905D6
                                                                                                      • Part of subcall function 6C68CBA5: HeapFree.KERNEL32(00000000,00000000), ref: 6C68CBBB
                                                                                                      • Part of subcall function 6C68CBA5: GetLastError.KERNEL32(00000000,?,6C69A020,00000000,00000000,00000000,00000000,?,6C69A2C4,00000000,00000007,00000000,?,6C698081,00000000,00000000), ref: 6C68CBCD
                                                                                                    • _free.LIBCMT ref: 6C6907A2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                    • String ID:
                                                                                                    • API String ID: 1286116820-0
                                                                                                    • Opcode ID: 77b4ec85d00a3c910899d5b6f1040e2568c73911178d18e6aaf98a4bf1dc04e0
                                                                                                    • Instruction ID: 57742b6e742dfadf85eed999554dee05c2d7b339bafdb7fe31db0c3568d205fc
                                                                                                    • Opcode Fuzzy Hash: 77b4ec85d00a3c910899d5b6f1040e2568c73911178d18e6aaf98a4bf1dc04e0
                                                                                                    • Instruction Fuzzy Hash: 84510C71901256EFDF00DF69CC809EE7BBCEF86324F10025AE560D7640DB3099458BAC
                                                                                                    Function 6C6629A0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 132windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FormatMessageA.KERNEL32(00001200,00000000,?,00000000,?,00000100,00000000,?,?), ref: 6C6629D1
                                                                                                    • GetLastError.KERNEL32(?,?,00000000,?,00000100,00000000,?,?), ref: 6C662B45
                                                                                                    Strings
                                                                                                    • (0x%X), xrefs: 6C662A48
                                                                                                    • Error (0x%X) while retrieving error. (0x%X), xrefs: 6C662B4C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFormatLastMessage
                                                                                                    • String ID: (0x%X)$Error (0x%X) while retrieving error. (0x%X)
                                                                                                    • API String ID: 3479602957-3758316108
                                                                                                    • Opcode ID: b791656ec8f8270873f626cb5e1a3a940ef04d1e07b8b8e271cbc9e8776cdf87
                                                                                                    • Instruction ID: 417b7bb67813bf7f8bdc15e5821c9de93cb87c51164c88982a0aeef0478ddcb0
                                                                                                    • Opcode Fuzzy Hash: b791656ec8f8270873f626cb5e1a3a940ef04d1e07b8b8e271cbc9e8776cdf87
                                                                                                    • Instruction Fuzzy Hash: B241D530A00118AFDB25CF55CC54FEEB775EB4A308F1002D9E459A6A81DBB15EC8CF9A
                                                                                                    Function 6C69B0D9 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C68FBB0: GetLastError.KERNEL32(00000008,6C661DE7,6C68EBE2,6C685DC7), ref: 6C68FBB4
                                                                                                      • Part of subcall function 6C68FBB0: _free.LIBCMT ref: 6C68FBE7
                                                                                                      • Part of subcall function 6C68FBB0: SetLastError.KERNEL32(00000000,00000008,6C661DE7), ref: 6C68FC28
                                                                                                      • Part of subcall function 6C68FBB0: _abort.LIBCMT ref: 6C68FC2E
                                                                                                      • Part of subcall function 6C68FBB0: _free.LIBCMT ref: 6C68FC0F
                                                                                                      • Part of subcall function 6C68FBB0: SetLastError.KERNEL32(00000000,00000008,6C661DE7), ref: 6C68FC1C
                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6C69B12D
                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6C69B17E
                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6C69B23E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorInfoLastLocale$_free$_abort
                                                                                                    • String ID:
                                                                                                    • API String ID: 2829624132-0
                                                                                                    • Opcode ID: 698bb55b7bd9db0b34d1624a7e21e2c0209128dc2c603c9e184d41fad5ff79d4
                                                                                                    • Instruction ID: 078195c5b9f564a88164049a68aea6bdbc4d6ec3c9d488407e32952a803de571
                                                                                                    • Opcode Fuzzy Hash: 698bb55b7bd9db0b34d1624a7e21e2c0209128dc2c603c9e184d41fad5ff79d4
                                                                                                    • Instruction Fuzzy Hash: 5461B1715482079FEB28CF29CC81BBA77B8EF85308F1441A9ED15C6A84EB74E945CB58
                                                                                                    Function 6C685F8C Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 6C686084
                                                                                                    • SetUnhandledExceptionFilter.KERNEL32 ref: 6C68608E
                                                                                                    • UnhandledExceptionFilter.KERNEL32(-00000328), ref: 6C68609B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                    • String ID:
                                                                                                    • API String ID: 3906539128-0
                                                                                                    • Opcode ID: 5385eab2a1aec8c4d72687986f75bebb360da9587202af39296ade27b70404c1
                                                                                                    • Instruction ID: eedd53f06a5bd296bca7ab75514179e040523de8555399ae8d7b80a4c80bd42e
                                                                                                    • Opcode Fuzzy Hash: 5385eab2a1aec8c4d72687986f75bebb360da9587202af39296ade27b70404c1
                                                                                                    • Instruction Fuzzy Hash: 7D31D67494221C9BCB21DF65D988BCCBBB8BF09314F5042DAE81CA7250E7309B858F59
                                                                                                    Function 6C67D200 Relevance: 4.6, APIs: 3, Instructions: 78COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetUserDefaultUILanguage.KERNEL32 ref: 6C67D21F
                                                                                                    • GetLocaleInfoW.KERNEL32(?,00000059,?,00000009), ref: 6C67D23D
                                                                                                    • GetLocaleInfoW.KERNEL32(?,0000005A,?,00000009,?,-00000001,?,00000059,?,00000009), ref: 6C67D284
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InfoLocale$DefaultLanguageUser
                                                                                                    • String ID:
                                                                                                    • API String ID: 1606347679-0
                                                                                                    • Opcode ID: 823e4a307ccf7b30d487f60c7a75f66cd9322a7a0ac21611926bdb5d70845705
                                                                                                    • Instruction ID: 0d3093048ddfcd1094066466d9f8d66633476c5d2aa5d1c491ec423227bb92cf
                                                                                                    • Opcode Fuzzy Hash: 823e4a307ccf7b30d487f60c7a75f66cd9322a7a0ac21611926bdb5d70845705
                                                                                                    • Instruction Fuzzy Hash: 5521D831B052089FDB20DFA5D845BEFB7B8EB46305F40096AE616D7780D734DC0A8BA8
                                                                                                    Function 6C69F711 Relevance: 4.5, APIs: 3, Instructions: 47memoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 6C69F744
                                                                                                    • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 6C69F759
                                                                                                    • FreeSid.ADVAPI32(?), ref: 6C69F769
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                    • String ID:
                                                                                                    • API String ID: 3429775523-0
                                                                                                    • Opcode ID: 0754911cc7d5bb6a7f67b5b456516cace890919751ffbcc0383856005dca7853
                                                                                                    • Instruction ID: 436cac82f9c9fd4c94319574adbc1b2afc0836c0fb1701ac8cc8a53eb0facab0
                                                                                                    • Opcode Fuzzy Hash: 0754911cc7d5bb6a7f67b5b456516cace890919751ffbcc0383856005dca7853
                                                                                                    • Instruction Fuzzy Hash: 50014B70E1020EAFDF00DFF1DD89ABEB7F8FB08205F504569A911E6181E734AA048B69
                                                                                                    Function 6C6A2CE9 Relevance: 4.5, APIs: 3, Instructions: 40COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadResource.KERNEL32(?,?,?,6C6A2BE3,?,00000000,?,?,6C6A2C6F,?,?,?), ref: 6C6A2CF2
                                                                                                    • LockResource.KERNEL32(00000000,00000A2F,?,6C6A2BE3,?,00000000,?,?,6C6A2C6F,?,?,?), ref: 6C6A2D00
                                                                                                    • SizeofResource.KERNEL32(?,?,?,6C6A2BE3,?,00000000,?,?,6C6A2C6F,?,?,?), ref: 6C6A2D12
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Resource$LoadLockSizeof
                                                                                                    • String ID:
                                                                                                    • API String ID: 2853612939-0
                                                                                                    • Opcode ID: ef7b6ca8e8190282a6d412222b4dfc064a6a905f03d31f995962c8c8874fa5d4
                                                                                                    • Instruction ID: 869053b13e78768d518f5aeae0a9f7d51937a21f4c734218ad88d9b41ab351f4
                                                                                                    • Opcode Fuzzy Hash: ef7b6ca8e8190282a6d412222b4dfc064a6a905f03d31f995962c8c8874fa5d4
                                                                                                    • Instruction Fuzzy Hash: 66F0FF32A4122AABCF212FEAD90809ABBF8EB0535A7004926FC4DD7511E731DC528BC4
                                                                                                    Function 6C689E6A Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(6C661DE7,?,6C689E40,6C661DE7,6C6BB670,0000000C,6C689F88,6C661DE7,00000002,00000000,?,6C685DF9,00000003,?,6C67FA3A,6C67FA7E), ref: 6C689E8B
                                                                                                    • TerminateProcess.KERNEL32(00000000,?,6C689E40,6C661DE7,6C6BB670,0000000C,6C689F88,6C661DE7,00000002,00000000,?,6C685DF9,00000003,?,6C67FA3A,6C67FA7E), ref: 6C689E92
                                                                                                    • ExitProcess.KERNEL32 ref: 6C689EA4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                    • String ID:
                                                                                                    • API String ID: 1703294689-0
                                                                                                    • Opcode ID: 8a8751650a0919ad43fdfa70fc17d428ada43a0a9ddf8c7111215f83d74df82c
                                                                                                    • Instruction ID: 36c560cc84b487ca873334c74e591365ae65accf3afaa6bfa6dd5a5f4cde2871
                                                                                                    • Opcode Fuzzy Hash: 8a8751650a0919ad43fdfa70fc17d428ada43a0a9ddf8c7111215f83d74df82c
                                                                                                    • Instruction Fuzzy Hash: 67E0BF31101544ABCF015F95D94C99D3F79EF46749F044415F80556522CB35ED46DB68
                                                                                                    Function 6C66A090 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 252COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C66A345
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Xinvalid_argumentstd::_
                                                                                                    • String ID: vector<T> too long
                                                                                                    • API String ID: 909987262-3788999226
                                                                                                    • Opcode ID: 9b001d51ea16e7888ec7c2ad9301ebd0c522f11dd81fdb49dadada0b3b06be11
                                                                                                    • Instruction ID: 5ad90ca6a3b0e16fd7c24c9b7a43c7648f98e6ee06622270b07a64c98792d41c
                                                                                                    • Opcode Fuzzy Hash: 9b001d51ea16e7888ec7c2ad9301ebd0c522f11dd81fdb49dadada0b3b06be11
                                                                                                    • Instruction Fuzzy Hash: 4781C672A001189FCB08CF69C9909EEBBF6EFC9304B04C259E9069F755D731E915CB95
                                                                                                    Function 6C68168B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 135COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6C6816A4
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FeaturePresentProcessor
                                                                                                    • String ID:
                                                                                                    • API String ID: 2325560087-3916222277
                                                                                                    • Opcode ID: 8480f1fc07068035cd7b4a0fcdc18698f8737b95fc81e54b1934da10ffb37644
                                                                                                    • Instruction ID: e563ac543e5b8edb72899015d5fc2832b483521de0a2a9eeef7a81ee571b6098
                                                                                                    • Opcode Fuzzy Hash: 8480f1fc07068035cd7b4a0fcdc18698f8737b95fc81e54b1934da10ffb37644
                                                                                                    • Instruction Fuzzy Hash: 7D514FB1A022058FEF04CF66C58279ABBF4FB49314F20856AD425EB680E375D450CFA8
                                                                                                    Function 6C696C6E Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: .
                                                                                                    • API String ID: 0-248832578
                                                                                                    • Opcode ID: f3b70fd0ccca1921083e33fcbf52b47bb19eacbd888e43c8a2c57ffcda0bd457
                                                                                                    • Instruction ID: c89d83be1c06a05a438eaa85937c4207055c5dd1d4b99257e7b5f8dd68ed2bbe
                                                                                                    • Opcode Fuzzy Hash: f3b70fd0ccca1921083e33fcbf52b47bb19eacbd888e43c8a2c57ffcda0bd457
                                                                                                    • Instruction Fuzzy Hash: 07315C7190434AAFCB148E79CC84EEB7BBDDF86308F140299F428D7651E670DD458BA4
                                                                                                    Function 6C68AE20 Relevance: 3.5, APIs: 2, Instructions: 464COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6ddc88b868330ce88cbc43b3a6ab2eeea43af64c70ef626071db1f136410f2e4
                                                                                                    • Instruction ID: 08e1ada567f2fb71a96efbb7f1fdb37a300d39296c65fb1c50e27fc1ea181d52
                                                                                                    • Opcode Fuzzy Hash: 6ddc88b868330ce88cbc43b3a6ab2eeea43af64c70ef626071db1f136410f2e4
                                                                                                    • Instruction Fuzzy Hash: DF025E71E052199FDB14CFA9C8906AEF7F1FF88314F248269D819EB780D731A901CB94
                                                                                                    Function 6C69AD29 Relevance: 3.2, APIs: 2, Instructions: 192COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • IsValidCodePage.KERNEL32(00000000), ref: 6C69ADD0
                                                                                                      • Part of subcall function 6C686183: IsProcessorFeaturePresent.KERNEL32(00000017), ref: 6C686185
                                                                                                      • Part of subcall function 6C686183: GetCurrentProcess.KERNEL32(C0000417,00000000,0000010C,6C6722CA), ref: 6C6861A7
                                                                                                      • Part of subcall function 6C686183: TerminateProcess.KERNEL32(00000000), ref: 6C6861AE
                                                                                                      • Part of subcall function 6C68FBB0: GetLastError.KERNEL32(00000008,6C661DE7,6C68EBE2,6C685DC7), ref: 6C68FBB4
                                                                                                      • Part of subcall function 6C68FBB0: _free.LIBCMT ref: 6C68FBE7
                                                                                                      • Part of subcall function 6C68FBB0: SetLastError.KERNEL32(00000000,00000008,6C661DE7), ref: 6C68FC28
                                                                                                      • Part of subcall function 6C68FBB0: _abort.LIBCMT ref: 6C68FC2E
                                                                                                      • Part of subcall function 6C68FBB0: _free.LIBCMT ref: 6C68FC0F
                                                                                                      • Part of subcall function 6C68FBB0: SetLastError.KERNEL32(00000000,00000008,6C661DE7), ref: 6C68FC1C
                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6C69AF11
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$Process_free$CodeCurrentFeatureInfoLocalePagePresentProcessorTerminateValid_abort
                                                                                                    • String ID:
                                                                                                    • API String ID: 3156739809-0
                                                                                                    • Opcode ID: 9c6759405be688169c00fc93795d324265323779f2d7f362f34d205612fb6ece
                                                                                                    • Instruction ID: 7f61c7042e88dab68eb9f542c888b5ce58120731803c894b3c7d76cb79bf0abe
                                                                                                    • Opcode Fuzzy Hash: 9c6759405be688169c00fc93795d324265323779f2d7f362f34d205612fb6ece
                                                                                                    • Instruction Fuzzy Hash: CD51F732E01207AAE7149A75DC41FF773E8EF0A719F100529E915DBA82EB70E80587BD
                                                                                                    Function 6C672D20 Relevance: 3.0, APIs: 2, Instructions: 40timeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 6C672D80
                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C672D92
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Time$FileSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                    • String ID:
                                                                                                    • API String ID: 1518329722-0
                                                                                                    • Opcode ID: 44981a1a3f28dae4fc1e7d31485eafd50f26741f29c2b0778258e7888a1406b4
                                                                                                    • Instruction ID: 88674b6d545723dc51f32ecfc0aa6fd6acb680e1a0e7821e6d02a99d589338be
                                                                                                    • Opcode Fuzzy Hash: 44981a1a3f28dae4fc1e7d31485eafd50f26741f29c2b0778258e7888a1406b4
                                                                                                    • Instruction Fuzzy Hash: 41012B756043009FDB209F29CD817567BF8AB02314F204B19F9B48A2E1E73190208B4F
                                                                                                    Function 6C693093 Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6C69308E,?,?,00000008,?,?,6C69CFB4,00000000), ref: 6C6932C0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionRaise
                                                                                                    • String ID:
                                                                                                    • API String ID: 3997070919-0
                                                                                                    • Opcode ID: 41e136a3318e997014cabd04781d17401a056520ab8f1d6748e824f0f16441ca
                                                                                                    • Instruction ID: 6b91ae265d9f73b646565573e3464a521e218fe4f5c3290ded91a6a88a886d19
                                                                                                    • Opcode Fuzzy Hash: 41e136a3318e997014cabd04781d17401a056520ab8f1d6748e824f0f16441ca
                                                                                                    • Instruction Fuzzy Hash: B5B16C7161060ADFD704CF28C486B957BE0FF45368F258668E9ADCF6A1C735E982CB48
                                                                                                    Function 6C69B329 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C68FBB0: GetLastError.KERNEL32(00000008,6C661DE7,6C68EBE2,6C685DC7), ref: 6C68FBB4
                                                                                                      • Part of subcall function 6C68FBB0: _free.LIBCMT ref: 6C68FBE7
                                                                                                      • Part of subcall function 6C68FBB0: SetLastError.KERNEL32(00000000,00000008,6C661DE7), ref: 6C68FC28
                                                                                                      • Part of subcall function 6C68FBB0: _abort.LIBCMT ref: 6C68FC2E
                                                                                                      • Part of subcall function 6C68FBB0: _free.LIBCMT ref: 6C68FC0F
                                                                                                      • Part of subcall function 6C68FBB0: SetLastError.KERNEL32(00000000,00000008,6C661DE7), ref: 6C68FC1C
                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6C69B37D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$_free$InfoLocale_abort
                                                                                                    • String ID:
                                                                                                    • API String ID: 1663032902-0
                                                                                                    • Opcode ID: 3a779140ae2ce0a0c4d16a4346b0c3b037388e20af7e4d87102f23b67571d8b8
                                                                                                    • Instruction ID: 08336375c8e52d42929e45e67ab3e06b6b453d6d62b65b4d15926232acd33417
                                                                                                    • Opcode Fuzzy Hash: 3a779140ae2ce0a0c4d16a4346b0c3b037388e20af7e4d87102f23b67571d8b8
                                                                                                    • Instruction Fuzzy Hash: 64218332515217ABDB24DE25DC81BBA73A8EF86318F10016BEE04D6A40EB75ED49CB5C
                                                                                                    Function 6C69AEBD Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C68FBB0: GetLastError.KERNEL32(00000008,6C661DE7,6C68EBE2,6C685DC7), ref: 6C68FBB4
                                                                                                      • Part of subcall function 6C68FBB0: _free.LIBCMT ref: 6C68FBE7
                                                                                                      • Part of subcall function 6C68FBB0: SetLastError.KERNEL32(00000000,00000008,6C661DE7), ref: 6C68FC28
                                                                                                      • Part of subcall function 6C68FBB0: _abort.LIBCMT ref: 6C68FC2E
                                                                                                      • Part of subcall function 6C68FBB0: _free.LIBCMT ref: 6C68FC0F
                                                                                                      • Part of subcall function 6C68FBB0: SetLastError.KERNEL32(00000000,00000008,6C661DE7), ref: 6C68FC1C
                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6C69AF11
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$_free$InfoLocale_abort
                                                                                                    • String ID:
                                                                                                    • API String ID: 1663032902-0
                                                                                                    • Opcode ID: 3a44313dc6518882e6b772bc75914997a85fc297da78d5b116ecb9e1098e9b99
                                                                                                    • Instruction ID: e9d1997d7f38de92f920e281e7c713ee3fb24e4991cd35931a71caa4ffc4c1eb
                                                                                                    • Opcode Fuzzy Hash: 3a44313dc6518882e6b772bc75914997a85fc297da78d5b116ecb9e1098e9b99
                                                                                                    • Instruction Fuzzy Hash: 08110672A01207ABDB148F29DC85AFA73E8EF06314B1041BAE905D7640EB34E90987AC
                                                                                                    Function 6C69AFB1 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C68FBB0: GetLastError.KERNEL32(00000008,6C661DE7,6C68EBE2,6C685DC7), ref: 6C68FBB4
                                                                                                      • Part of subcall function 6C68FBB0: _free.LIBCMT ref: 6C68FBE7
                                                                                                      • Part of subcall function 6C68FBB0: SetLastError.KERNEL32(00000000,00000008,6C661DE7), ref: 6C68FC28
                                                                                                      • Part of subcall function 6C68FBB0: _abort.LIBCMT ref: 6C68FC2E
                                                                                                    • EnumSystemLocalesW.KERNEL32(6C69B0D9,00000001), ref: 6C69B023
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                    • String ID:
                                                                                                    • API String ID: 1084509184-0
                                                                                                    • Opcode ID: 1e237f0b52becf8a6d325e9186c7f126ff78f7d234b267206f4f48e6e163673a
                                                                                                    • Instruction ID: 938fce734597ad5f7e801654a718ee212fceaed18415a6f05d14ba1c0ea90374
                                                                                                    • Opcode Fuzzy Hash: 1e237f0b52becf8a6d325e9186c7f126ff78f7d234b267206f4f48e6e163673a
                                                                                                    • Instruction Fuzzy Hash: 9311063A2043025FDB189F3AC8A46BAB7A2FF8435CB18452DD54787B40D3316842CB48
                                                                                                    Function 6C69B559 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C68FBB0: GetLastError.KERNEL32(00000008,6C661DE7,6C68EBE2,6C685DC7), ref: 6C68FBB4
                                                                                                      • Part of subcall function 6C68FBB0: _free.LIBCMT ref: 6C68FBE7
                                                                                                      • Part of subcall function 6C68FBB0: SetLastError.KERNEL32(00000000,00000008,6C661DE7), ref: 6C68FC28
                                                                                                      • Part of subcall function 6C68FBB0: _abort.LIBCMT ref: 6C68FC2E
                                                                                                    • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,6C69B2F7,00000000,00000000,?), ref: 6C69B585
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$InfoLocale_abort_free
                                                                                                    • String ID:
                                                                                                    • API String ID: 2692324296-0
                                                                                                    • Opcode ID: 79accf00f174847243c82774b3bda678b50e6c6874dcd26405fd4d9ad7c472e7
                                                                                                    • Instruction ID: 80a5528f5218b9b71851fe55f9fbdd041a74abfc6c1477458425098cde9646cb
                                                                                                    • Opcode Fuzzy Hash: 79accf00f174847243c82774b3bda678b50e6c6874dcd26405fd4d9ad7c472e7
                                                                                                    • Instruction Fuzzy Hash: C3F0F932610117AFDF244E65C805BFB7768EF80768F144969DC15A3640EA30FE01CAD8
                                                                                                    Function 6C69B04C Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C68FBB0: GetLastError.KERNEL32(00000008,6C661DE7,6C68EBE2,6C685DC7), ref: 6C68FBB4
                                                                                                      • Part of subcall function 6C68FBB0: _free.LIBCMT ref: 6C68FBE7
                                                                                                      • Part of subcall function 6C68FBB0: SetLastError.KERNEL32(00000000,00000008,6C661DE7), ref: 6C68FC28
                                                                                                      • Part of subcall function 6C68FBB0: _abort.LIBCMT ref: 6C68FC2E
                                                                                                    • EnumSystemLocalesW.KERNEL32(6C69B329,00000001), ref: 6C69B098
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                    • String ID:
                                                                                                    • API String ID: 1084509184-0
                                                                                                    • Opcode ID: af61d71e778d5370b8916ba1a351e6202427e001672368f460e6f43b0e8736e5
                                                                                                    • Instruction ID: 1138b737639946b0b2699412ae13fca6aa3d2f5bc2b2bfc5f7121b1839c11e43
                                                                                                    • Opcode Fuzzy Hash: af61d71e778d5370b8916ba1a351e6202427e001672368f460e6f43b0e8736e5
                                                                                                    • Instruction Fuzzy Hash: 83F046323003065FD7244F3AD894AAA7BA1EFC136CF084A2DEA418BA40D771A842CB4C
                                                                                                    Function 6C68EC36 Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C68B688: EnterCriticalSection.KERNEL32(?,?,6C68B4E9,00000000,6C6BB718,0000000C,6C67F041,?,6C680906,?,?,6C671BDD,0000012C), ref: 6C68B697
                                                                                                    • EnumSystemLocalesW.KERNEL32(6C68EBF0,00000001,6C6BB8B8,0000000C), ref: 6C68EC6E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                    • String ID:
                                                                                                    • API String ID: 1272433827-0
                                                                                                    • Opcode ID: d9a0f2221ac61a6b8249f74081e26465a4754778fa39bb5fada6881d83ac5aad
                                                                                                    • Instruction ID: 02f6c9ae35934df44d277fcc6dab0208f3692b8e40fb23aebb4648390a8fc6e0
                                                                                                    • Opcode Fuzzy Hash: d9a0f2221ac61a6b8249f74081e26465a4754778fa39bb5fada6881d83ac5aad
                                                                                                    • Instruction Fuzzy Hash: FDF04F36A11200DFDB14DFA9C485B9D37B0AB07324F008556F410DB694CB7489958F9D
                                                                                                    Function 6C69F147 Relevance: 1.5, APIs: 1, Instructions: 33timeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: LocalTime
                                                                                                    • String ID:
                                                                                                    • API String ID: 481472006-0
                                                                                                    • Opcode ID: ca81806edb11a250962ae6b1e5ada7249972dece8c0e5d8c644674fae8f5fabe
                                                                                                    • Instruction ID: 7a9830f9f91b18e178aca1d459ca20613d57dff66d10600206c246a661a7e5d3
                                                                                                    • Opcode Fuzzy Hash: ca81806edb11a250962ae6b1e5ada7249972dece8c0e5d8c644674fae8f5fabe
                                                                                                    • Instruction Fuzzy Hash: AFF09639D0010BD7CF04EF95C5517FDB7B89F19705F804079A806EAA40E7388945C7A9
                                                                                                    Function 6C68F15E Relevance: 1.5, APIs: 1, Instructions: 32COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,?,?,?,6C691EFE,?,20001004,?,00000002,?), ref: 6C68F19D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InfoLocale
                                                                                                    • String ID:
                                                                                                    • API String ID: 2299586839-0
                                                                                                    • Opcode ID: 6bf65c0ead60dc1ea2fc8bf427f749942bd57d90c0b84d20f95163bcd8163ac9
                                                                                                    • Instruction ID: d1567ffc43f6f0d57b7d1cf595d6dc599f0e007e051b4ca37ba79ebea2d6d5ee
                                                                                                    • Opcode Fuzzy Hash: 6bf65c0ead60dc1ea2fc8bf427f749942bd57d90c0b84d20f95163bcd8163ac9
                                                                                                    • Instruction Fuzzy Hash: 80F08C39602218BBCF129F61DC00AAE7BA6EF0A710F408119FC0566610CB329E249BED
                                                                                                    Function 6C69AF66 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C68FBB0: GetLastError.KERNEL32(00000008,6C661DE7,6C68EBE2,6C685DC7), ref: 6C68FBB4
                                                                                                      • Part of subcall function 6C68FBB0: _free.LIBCMT ref: 6C68FBE7
                                                                                                      • Part of subcall function 6C68FBB0: SetLastError.KERNEL32(00000000,00000008,6C661DE7), ref: 6C68FC28
                                                                                                      • Part of subcall function 6C68FBB0: _abort.LIBCMT ref: 6C68FC2E
                                                                                                    • EnumSystemLocalesW.KERNEL32(Function_0003AEBD,00000001), ref: 6C69AF9D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                    • String ID:
                                                                                                    • API String ID: 1084509184-0
                                                                                                    • Opcode ID: 752c0445fff1d1c534a2dc231a1b39fc7633b19c272ea496b7b03c8872b4df6b
                                                                                                    • Instruction ID: 5a5fc6458a11e4cb8b52444f5655b304015f0a2486d039a6b43356542761d0ee
                                                                                                    • Opcode Fuzzy Hash: 752c0445fff1d1c534a2dc231a1b39fc7633b19c272ea496b7b03c8872b4df6b
                                                                                                    • Instruction Fuzzy Hash: E8F02B3670020657CB049F36D894BAA7FE4EFC2768F0A445DEB068BB41C7359843CBA8
                                                                                                    Function 6C674580 Relevance: 1.5, Strings: 1, Instructions: 269COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID: 0-3916222277
                                                                                                    • Opcode ID: 664ca04d099b6936ca326230cdcd6652dd1628bb7acaefa94670bf4079a759b3
                                                                                                    • Instruction ID: 2ea2732bdf79bb592ad915f96c7df1130d74d4886b873076bde96ea0f0c7ad41
                                                                                                    • Opcode Fuzzy Hash: 664ca04d099b6936ca326230cdcd6652dd1628bb7acaefa94670bf4079a759b3
                                                                                                    • Instruction Fuzzy Hash: D2A19D71A056059BDB18CF68C8C02A8FBB1FF19314F188A6EE805DB742D774A945CFA4
                                                                                                    Function 6C687F4E Relevance: 1.5, Strings: 1, Instructions: 214COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 0
                                                                                                    • API String ID: 0-4108050209
                                                                                                    • Opcode ID: 8539593f3be978389ef38bfebd006fa0c853f7248c9af714f81ab8b3c7156af0
                                                                                                    • Instruction ID: 744bae803371332cfcf7b0ce6a81efe72065a6ceec2356cf58b725d4fb4a6426
                                                                                                    • Opcode Fuzzy Hash: 8539593f3be978389ef38bfebd006fa0c853f7248c9af714f81ab8b3c7156af0
                                                                                                    • Instruction Fuzzy Hash: 575187617476455BDB20892988407EF73E59F4B30CF14091BE492DBFA1CB16EA4AC37E
                                                                                                    Function 6C68B428 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: HeapProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 54951025-0
                                                                                                    • Opcode ID: 0353c3a359ea28568be7e4e535b4560d54661bb6dd039739287f5e3c3bddca2a
                                                                                                    • Instruction ID: e1bfa9fbff2060de1aeb51522dc3b5623aeb8a611f454ff655b70df59586af53
                                                                                                    • Opcode Fuzzy Hash: 0353c3a359ea28568be7e4e535b4560d54661bb6dd039739287f5e3c3bddca2a
                                                                                                    • Instruction Fuzzy Hash: 58A011303022028F8F208E32838830C3AB8AA03280B0000AAA008C02A0EA288A208A0A
                                                                                                    Function 6C6956C9 Relevance: .6, Instructions: 637COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7b9990103e357e776d04acaad5c427a5d55fe55e3fab90929bdca6771aca39d1
                                                                                                    • Instruction ID: 5f760893c748af741a11b3139c0af10b473c592d4e0a5a3b16bcc06a03b5cea6
                                                                                                    • Opcode Fuzzy Hash: 7b9990103e357e776d04acaad5c427a5d55fe55e3fab90929bdca6771aca39d1
                                                                                                    • Instruction Fuzzy Hash: 17324771E69F424DDB239535C9B2325B698AFB73C9F14C727F816B5D95EB29C0830108
                                                                                                    Function 6C6846ED Relevance: .3, Instructions: 345COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                                                                    • Instruction ID: 9a654a6963be2bd13991890053ae6fe35e09012cb6c010a8f247f203b614f02d
                                                                                                    • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                                                                    • Instruction Fuzzy Hash: 47C1913220F19349EB1E467A843413FBBE95E927B531A076ED4B2DB9D4FE60C124C678
                                                                                                    Function 6C684B22 Relevance: .3, Instructions: 341COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                                                                    • Instruction ID: 64d50b4d821df8fb5bf9a6ad206e8e37e1b22c54884adc655794b16a08eaf5b7
                                                                                                    • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                                                                    • Instruction Fuzzy Hash: BCC1A33220F4934AEB0E463AD47413FBAF95A927B531A07ADD4B2DB9D4FE60C124C674
                                                                                                    Function 6C6842B8 Relevance: .3, Instructions: 331COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                                    • Instruction ID: 465612f5e5cb5a178fbc4a617c496d095d535c3cb0840d729d03bea0876c17b1
                                                                                                    • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                                    • Instruction Fuzzy Hash: 56C1B33220F1934AEB0E467A943403FFAE95E927B531A076DD4B2CB9C4FEA0C164C674
                                                                                                    Function 6C683EA0 Relevance: .3, Instructions: 323COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                                                                    • Instruction ID: 13231bb7323da996609fae6224dc9080248a60fed2e95d3a67abfcf643f5b026
                                                                                                    • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                                                                    • Instruction Fuzzy Hash: 12C18F3220F5A349EB0E867A943403FBAF55A927B531A076DD4B2DB9C4FE60C124D6B4
                                                                                                    Function 6C68817D Relevance: .2, Instructions: 237COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e9ceab3aca8c4a12fd8a43fca72e691ff59d4a1de5d8469e3dd9eaab969ba172
                                                                                                    • Instruction ID: 09be3ee5b1dbe976faaa1a159a9e2ce75e07d5381aa51161d5ab5074218ecda0
                                                                                                    • Opcode Fuzzy Hash: e9ceab3aca8c4a12fd8a43fca72e691ff59d4a1de5d8469e3dd9eaab969ba172
                                                                                                    • Instruction Fuzzy Hash: BC61687164BB0967DA2449684860BEE33949F4F70CF10091BDA92DBEB2DB21D946C3BD
                                                                                                    Function 6C681ED0 Relevance: .1, Instructions: 76COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                    • Instruction ID: 9e66f333d53cdbcd3f3f534952ed3ab9fef7932b34f8ffaa466bab6c380a2f4c
                                                                                                    • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                    • Instruction Fuzzy Hash: 74113DB72470C243D200863DD4B46A7F3E5EBCA32DB38437AE1728BE54D323E1459528
                                                                                                    Function 6C682FC6 Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 269COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 6C6830CA
                                                                                                    • _GetRangeOfTrysToCheck.LIBVCRUNTIME ref: 6C683145
                                                                                                    • ___TypeMatch.LIBVCRUNTIME ref: 6C6831B9
                                                                                                    • ___DestructExceptionObject.LIBVCRUNTIME ref: 6C68323E
                                                                                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 6C683279
                                                                                                    • FindHandlerForForeignException.LIBVCRUNTIME ref: 6C6832C8
                                                                                                    • ___DestructExceptionObject.LIBVCRUNTIME ref: 6C6832EA
                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 6C683302
                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 6C68330A
                                                                                                    • ___FrameUnwindToState.LIBVCRUNTIME ref: 6C683316
                                                                                                    • CallUnexpected.LIBVCRUNTIME ref: 6C683321
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Exception$DestructObjectSpecUnwind$CallCheckException@8FindForeignFrameFramesHandlerMatchNestedRangeStateThrowTrysTypeUnexpected
                                                                                                    • String ID: csm$csm$csm
                                                                                                    • API String ID: 410073093-393685449
                                                                                                    • Opcode ID: aacf23579b2b28da4028054b9129166f492af297b180d1437db5fe0421f3a593
                                                                                                    • Instruction ID: 261418462b0833e09ce73d5a3b143f48b2c5974a93fe040473a8087c5aa84a0b
                                                                                                    • Opcode Fuzzy Hash: aacf23579b2b28da4028054b9129166f492af297b180d1437db5fe0421f3a593
                                                                                                    • Instruction Fuzzy Hash: 2AB1BD708063099FDF10CFA5D850BDEBBB4BF0A318F148269E85167A51C3369645CBBE
                                                                                                    Function 6C68BA4E Relevance: 22.8, APIs: 15, Instructions: 296COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free$Info
                                                                                                    • String ID:
                                                                                                    • API String ID: 2509303402-0
                                                                                                    • Opcode ID: 41c02abaa52e33d87119a3f6183c3716ab1b7714fc76dc9a232485f43c4f85bc
                                                                                                    • Instruction ID: aea7c28e2f9688cfb8204cb65d0a2888ce49c32da3b937b5579fa29a8b9b40ef
                                                                                                    • Opcode Fuzzy Hash: 41c02abaa52e33d87119a3f6183c3716ab1b7714fc76dc9a232485f43c4f85bc
                                                                                                    • Instruction Fuzzy Hash: 97B1F2B1902605AFEB11CF64CC80BEEBBF4BF89308F140169E495B7751DB71984A8B68
                                                                                                    Function 6C697EE9 Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • ___free_lconv_mon.LIBCMT ref: 6C697F2D
                                                                                                      • Part of subcall function 6C6998B3: _free.LIBCMT ref: 6C6998D0
                                                                                                      • Part of subcall function 6C6998B3: _free.LIBCMT ref: 6C6998E2
                                                                                                      • Part of subcall function 6C6998B3: _free.LIBCMT ref: 6C6998F4
                                                                                                      • Part of subcall function 6C6998B3: _free.LIBCMT ref: 6C699906
                                                                                                      • Part of subcall function 6C6998B3: _free.LIBCMT ref: 6C699918
                                                                                                      • Part of subcall function 6C6998B3: _free.LIBCMT ref: 6C69992A
                                                                                                      • Part of subcall function 6C6998B3: _free.LIBCMT ref: 6C69993C
                                                                                                      • Part of subcall function 6C6998B3: _free.LIBCMT ref: 6C69994E
                                                                                                      • Part of subcall function 6C6998B3: _free.LIBCMT ref: 6C699960
                                                                                                      • Part of subcall function 6C6998B3: _free.LIBCMT ref: 6C699972
                                                                                                      • Part of subcall function 6C6998B3: _free.LIBCMT ref: 6C699984
                                                                                                      • Part of subcall function 6C6998B3: _free.LIBCMT ref: 6C699996
                                                                                                      • Part of subcall function 6C6998B3: _free.LIBCMT ref: 6C6999A8
                                                                                                    • _free.LIBCMT ref: 6C697F22
                                                                                                      • Part of subcall function 6C68CBA5: HeapFree.KERNEL32(00000000,00000000), ref: 6C68CBBB
                                                                                                      • Part of subcall function 6C68CBA5: GetLastError.KERNEL32(00000000,?,6C69A020,00000000,00000000,00000000,00000000,?,6C69A2C4,00000000,00000007,00000000,?,6C698081,00000000,00000000), ref: 6C68CBCD
                                                                                                    • _free.LIBCMT ref: 6C697F44
                                                                                                    • _free.LIBCMT ref: 6C697F59
                                                                                                    • _free.LIBCMT ref: 6C697F64
                                                                                                    • _free.LIBCMT ref: 6C697F86
                                                                                                    • _free.LIBCMT ref: 6C697F99
                                                                                                    • _free.LIBCMT ref: 6C697FA7
                                                                                                    • _free.LIBCMT ref: 6C697FB2
                                                                                                    • _free.LIBCMT ref: 6C697FEA
                                                                                                    • _free.LIBCMT ref: 6C697FF1
                                                                                                    • _free.LIBCMT ref: 6C69800E
                                                                                                    • _free.LIBCMT ref: 6C698026
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                    • String ID:
                                                                                                    • API String ID: 161543041-0
                                                                                                    • Opcode ID: 1de4d89a36e2ca3ae715e7277761f02d4b8507cacc8fa2c3f23440c314ffd7f2
                                                                                                    • Instruction ID: f825315d364bd32a3c660cc2a9b9bd22296c5a05b0df697c1faa853eddbe0400
                                                                                                    • Opcode Fuzzy Hash: 1de4d89a36e2ca3ae715e7277761f02d4b8507cacc8fa2c3f23440c314ffd7f2
                                                                                                    • Instruction Fuzzy Hash: B8315231606F06AFFB215A35D844B9673E9EF41718F204529E49AF7A50EF31A948C72C
                                                                                                    Function 6C6625F0 Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 300threadCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Smanip$Current$CountProcessThreadTick
                                                                                                    • String ID: )] $UNKNOWN$VERBOSE
                                                                                                    • API String ID: 1623629380-3915483136
                                                                                                    • Opcode ID: dbf49f8109305a7fe77b1ec4a6914cd04aa46f9d4e1283bb53fc15b6b4cce9bc
                                                                                                    • Instruction ID: 8b80330ee72ec2f5ddd74a4bc2e6edfacba6ddaed7526eb525d87a62b6cdc930
                                                                                                    • Opcode Fuzzy Hash: dbf49f8109305a7fe77b1ec4a6914cd04aa46f9d4e1283bb53fc15b6b4cce9bc
                                                                                                    • Instruction Fuzzy Hash: 4BA17CB0A043019FD714CF66DC45F9ABBE5AF86308F04892DE49987B91EB31D5188B9F
                                                                                                    Function 6C671CB0 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 265threadCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CloseHandle.KERNEL32(?), ref: 6C671CCF
                                                                                                    • TlsSetValue.KERNEL32(?,?), ref: 6C671CFD
                                                                                                    • CloseHandle.KERNEL32(?), ref: 6C671D4A
                                                                                                    • TlsSetValue.KERNEL32(?,00000000), ref: 6C671D72
                                                                                                    • GetCurrentThreadId.KERNEL32(?,?), ref: 6C671E06
                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?,?,?), ref: 6C671E19
                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?), ref: 6C671EDE
                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?,?,?), ref: 6C671F31
                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?), ref: 6C671FBF
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExclusiveLock$AcquireCloseHandleReleaseValue$CurrentThread
                                                                                                    • String ID: Failed to TlsSetValue().$c:\b\build\slave\win\build\src\base\threading\thread_local_win.cc
                                                                                                    • API String ID: 3870014289-1575462531
                                                                                                    • Opcode ID: 5dbdc1649d2cc36d9628d2d71c78140cafaa441542b79a10d9f67fa24a1471f7
                                                                                                    • Instruction ID: 7309521f4b9baa8b82146044c5e6c3e380d3ce6d1525c0b5407164e2b7391f86
                                                                                                    • Opcode Fuzzy Hash: 5dbdc1649d2cc36d9628d2d71c78140cafaa441542b79a10d9f67fa24a1471f7
                                                                                                    • Instruction Fuzzy Hash: 32813675508305ABCB20CF61DC84BCA77F4BB56308F04092AF99997A92D771A54CCBAE
                                                                                                    Function 6C6999B1 Relevance: 18.4, APIs: 12, Instructions: 376COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free
                                                                                                    • String ID:
                                                                                                    • API String ID: 269201875-0
                                                                                                    • Opcode ID: 1a00ba55ab49fdbde75c1d0f381e061a6be61a69f6337e6769ee97c5bc928380
                                                                                                    • Instruction ID: 6d72b8b085f1b511c2742e3167cfc97e1a3e280218e7bfd2e83f451a120b670c
                                                                                                    • Opcode Fuzzy Hash: 1a00ba55ab49fdbde75c1d0f381e061a6be61a69f6337e6769ee97c5bc928380
                                                                                                    • Instruction Fuzzy Hash: C1C178B2E40205BFDB20DBA8CC42FEEB7F8AB45744F140165FA05FB785E6709A458768
                                                                                                    Function 6C6A526F Relevance: 17.8, APIs: 2, Strings: 8, Instructions: 305fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C6A6AB6: SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 6C6A6AEE
                                                                                                      • Part of subcall function 6C6A6AB6: GetLastError.KERNEL32 ref: 6C6A6B07
                                                                                                    • SetEndOfFile.KERNEL32(?,?,?,?,00000000), ref: 6C6A52F7
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 6C6A5310
                                                                                                      • Part of subcall function 6C662340: GetLastError.KERNEL32(?,00000000), ref: 6C6623D6
                                                                                                      • Part of subcall function 6C6A6663: GetLastError.KERNEL32(?,000000FF,0000001C,00000001), ref: 6C6A66A2
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$File$Pointer
                                                                                                    • String ID: expected to start with $DAPC$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc$failed to rewind to write$failed to truncate$failed to write header$failed to write records$failed to write string table
                                                                                                    • API String ID: 4162258135-419746783
                                                                                                    • Opcode ID: c9a8015a846ea839485cce368a661a3155b61145590572f2e670f1a242969891
                                                                                                    • Instruction ID: 9e1f01837512359563180a4acfac9baa2d4c18510e139884929c07e7d1320e19
                                                                                                    • Opcode Fuzzy Hash: c9a8015a846ea839485cce368a661a3155b61145590572f2e670f1a242969891
                                                                                                    • Instruction Fuzzy Hash: 31A10571940204AAEB14DBA5DC45FEDB3B9AF12318F104089E509B7ED2EF31AD89CB1D
                                                                                                    Function 6C6977D1 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 209COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                    • String ID: )L
                                                                                                    • API String ID: 1282221369-3743221452
                                                                                                    • Opcode ID: a7466c73320d0a472669fe105ba007c3c83a3376ddc644b9ca11fad8bb852df5
                                                                                                    • Instruction ID: 4dcfc07ea9186510a015e02925b25aa3e58a1edb27761b162c6f5c6e74aad4ae
                                                                                                    • Opcode Fuzzy Hash: a7466c73320d0a472669fe105ba007c3c83a3376ddc644b9ca11fad8bb852df5
                                                                                                    • Instruction Fuzzy Hash: E2613D71B067127FEB15AF6688807A977B4DF03318F1402BDE95597781D7318608C7AD
                                                                                                    Function 6C666AE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 113COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: SVWj
                                                                                                    • API String ID: 0-3360714375
                                                                                                    • Opcode ID: e803a1f3aa2d1fdc1a8256cc43aecf3d3f25a4a529fff5903d1458beb94f7d1f
                                                                                                    • Instruction ID: d70124c75cb8aa51ea3f65e00feb584820f46cef08a97330779d9423092f8b92
                                                                                                    • Opcode Fuzzy Hash: e803a1f3aa2d1fdc1a8256cc43aecf3d3f25a4a529fff5903d1458beb94f7d1f
                                                                                                    • Instruction Fuzzy Hash: 82312632A051009BDB10CB6AE49099D73B4DB4132CB1406A9D805DBF11DB30EA65C7EF
                                                                                                    Function 6C6A77EB Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 112COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetFileAttributesW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,6C6A763E,000000FF,?,?), ref: 6C6A7814
                                                                                                      • Part of subcall function 6C6A7928: OutputDebugStringW.KERNEL32(6C6BEDD8,?,6C6A7900,Failed to create directory %ls, last error is %d,?,000000B7), ref: 6C6A7949
                                                                                                    Strings
                                                                                                    • %hs( %ls directory exists ), xrefs: 6C6A7825
                                                                                                    • %hs( %ls directory conflicts with an existing file. ), xrefs: 6C6A7839
                                                                                                    • install_static::`anonymous-namespace'::RecursiveDirectoryCreate, xrefs: 6C6A781C
                                                                                                    • Failed to create directory %ls, last error is %d, xrefs: 6C6A78F6
                                                                                                    • Failed to create one of the parent directories, xrefs: 6C6A78BF
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AttributesDebugFileOutputString
                                                                                                    • String ID: %hs( %ls directory conflicts with an existing file. )$%hs( %ls directory exists )$Failed to create directory %ls, last error is %d$Failed to create one of the parent directories$install_static::`anonymous-namespace'::RecursiveDirectoryCreate
                                                                                                    • API String ID: 708965821-2569357656
                                                                                                    • Opcode ID: 607cd357bea1e79a39789fbb4867786806e05b5e08e0ef3d20c619fad697617c
                                                                                                    • Instruction ID: b1bad10f95607c35a5df7a4d5e89a9e9a91ca798ebe900986ed4cda74dea79db
                                                                                                    • Opcode Fuzzy Hash: 607cd357bea1e79a39789fbb4867786806e05b5e08e0ef3d20c619fad697617c
                                                                                                    • Instruction Fuzzy Hash: F131C531A05105BADF009AE5DC41FEEB7689F03328F200616E424A3AD4DB346D1BCBAE
                                                                                                    Function 6C67D530 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 65libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • new.LIBCMT ref: 6C67D54D
                                                                                                      • Part of subcall function 6C672A20: GetCurrentProcess.KERNEL32(00000000), ref: 6C672A4E
                                                                                                      • Part of subcall function 6C672A20: GetModuleHandleW.KERNEL32(kernel32.dll,IsWow64Process), ref: 6C672A64
                                                                                                      • Part of subcall function 6C672A20: GetProcAddress.KERNEL32(00000000), ref: 6C672A6B
                                                                                                      • Part of subcall function 6C672A20: GetVersionExW.KERNEL32(0000011C), ref: 6C672AE0
                                                                                                      • Part of subcall function 6C672A20: GetNativeSystemInfo.KERNEL32(?), ref: 6C672B3C
                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 6C67D5B7
                                                                                                    • GetProcAddress.KERNEL32(00000000,InitializeProcThreadAttributeList), ref: 6C67D5CB
                                                                                                    • GetProcAddress.KERNEL32(00000000,UpdateProcThreadAttribute), ref: 6C67D5D8
                                                                                                    • GetProcAddress.KERNEL32(00000000,DeleteProcThreadAttributeList), ref: 6C67D5E5
                                                                                                    Strings
                                                                                                    • InitializeProcThreadAttributeList, xrefs: 6C67D5C5
                                                                                                    • DeleteProcThreadAttributeList, xrefs: 6C67D5DA
                                                                                                    • UpdateProcThreadAttribute, xrefs: 6C67D5CD
                                                                                                    • kernel32.dll, xrefs: 6C67D5B2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$HandleModule$CurrentInfoNativeProcessSystemVersion
                                                                                                    • String ID: DeleteProcThreadAttributeList$InitializeProcThreadAttributeList$UpdateProcThreadAttribute$kernel32.dll
                                                                                                    • API String ID: 4189602493-1491343547
                                                                                                    • Opcode ID: fe7dc37216d1ee2604caaafbeefe960d9b942dd16587f2c6b2ce45808cdb66f0
                                                                                                    • Instruction ID: 5972b6d364c5fec3deafbe4d27d313975c3861cc25497cfc5d722244a7c297c4
                                                                                                    • Opcode Fuzzy Hash: fe7dc37216d1ee2604caaafbeefe960d9b942dd16587f2c6b2ce45808cdb66f0
                                                                                                    • Instruction Fuzzy Hash: CE1190F1B05240DBEF205B669C8471A3BB4EB9632DF144C3AE50197640D77C4844CB6D
                                                                                                    Function 6C68FA90 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • _free.LIBCMT ref: 6C68FAA4
                                                                                                      • Part of subcall function 6C68CBA5: HeapFree.KERNEL32(00000000,00000000), ref: 6C68CBBB
                                                                                                      • Part of subcall function 6C68CBA5: GetLastError.KERNEL32(00000000,?,6C69A020,00000000,00000000,00000000,00000000,?,6C69A2C4,00000000,00000007,00000000,?,6C698081,00000000,00000000), ref: 6C68CBCD
                                                                                                    • _free.LIBCMT ref: 6C68FAB0
                                                                                                    • _free.LIBCMT ref: 6C68FABB
                                                                                                    • _free.LIBCMT ref: 6C68FAC6
                                                                                                    • _free.LIBCMT ref: 6C68FAD1
                                                                                                    • _free.LIBCMT ref: 6C68FADC
                                                                                                    • _free.LIBCMT ref: 6C68FAE7
                                                                                                    • _free.LIBCMT ref: 6C68FAF2
                                                                                                    • _free.LIBCMT ref: 6C68FAFD
                                                                                                    • _free.LIBCMT ref: 6C68FB0B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                    • String ID:
                                                                                                    • API String ID: 776569668-0
                                                                                                    • Opcode ID: 41039351b72eae7ac53e7eef9f72aad717d22a3b9c17d72d91b54b7680f9b606
                                                                                                    • Instruction ID: 4921518faeac63347653d846ace862afa868f66cccbb950a02592fdebd3a9889
                                                                                                    • Opcode Fuzzy Hash: 41039351b72eae7ac53e7eef9f72aad717d22a3b9c17d72d91b54b7680f9b606
                                                                                                    • Instruction Fuzzy Hash: 1711FBB6212808BFDB01EF54C880CDD3BA6EF85754B0141A0FA495FA31DB31DF589BA9
                                                                                                    Function 6C69DDCB Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 268COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetCPInfo.KERNEL32(?,?,?,7FFFFFFF,?,)L,6C69E0A4,?,?,?,?,?,?,?,004C29E8,)L), ref: 6C69DE77
                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 6C69DEFA
                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6C69DF8D
                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 6C69DFA4
                                                                                                      • Part of subcall function 6C68C844: HeapAlloc.KERNEL32(00000000,0000010C,00000004,?,6C68C8A7,?,00000000,?,6C697B70,0000010C,00000004,?,0000010C,?,?,6C68DB9D), ref: 6C68C876
                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6C69E020
                                                                                                    • __freea.LIBCMT ref: 6C69E04B
                                                                                                    • __freea.LIBCMT ref: 6C69E057
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide$__freea$AllocHeapInfo
                                                                                                    • String ID: )L
                                                                                                    • API String ID: 2171645-3743221452
                                                                                                    • Opcode ID: 59ed892383ff225b0a271504e6fbfc6a2dd84498761cea84712eef50171de0a3
                                                                                                    • Instruction ID: ee3c85abd7b92ed3658ca1302a4a7675687242b3a5fd3e6f0bf460d13ea146bc
                                                                                                    • Opcode Fuzzy Hash: 59ed892383ff225b0a271504e6fbfc6a2dd84498761cea84712eef50171de0a3
                                                                                                    • Instruction Fuzzy Hash: DD912871E012079FDF108EA5C880EEE7BB5EF1A758F144629E910E7680EB35DC45CBA8
                                                                                                    Function 6C69C926 Relevance: 13.8, APIs: 9, Instructions: 300COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 685f9e5178cdadd21fa987915605618ab649cde6301c48d47f6e1c00eaa43a1a
                                                                                                    • Instruction ID: dcc52727e27ffc6eba05a726a25ce7cb3e5b379ba718b1a1904226f759b89f1c
                                                                                                    • Opcode Fuzzy Hash: 685f9e5178cdadd21fa987915605618ab649cde6301c48d47f6e1c00eaa43a1a
                                                                                                    • Instruction Fuzzy Hash: 4EC1C274A0524AAFDB01DFADC840BEDBBB5BF0B314F144185E852A7782C7349945CBAC
                                                                                                    Function 6C69BE3D Relevance: 13.8, APIs: 9, Instructions: 272COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C69BB7C: CreateFileW.KERNEL32(00000000,00000000,?,6C69BEE6,?,?,00000000), ref: 6C69BB99
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C69BF51
                                                                                                    • __dosmaperr.LIBCMT ref: 6C69BF58
                                                                                                    • GetFileType.KERNEL32 ref: 6C69BF64
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C69BF6E
                                                                                                    • __dosmaperr.LIBCMT ref: 6C69BF77
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 6C69BF97
                                                                                                    • CloseHandle.KERNEL32(?), ref: 6C69C0E1
                                                                                                    • GetLastError.KERNEL32 ref: 6C69C113
                                                                                                    • __dosmaperr.LIBCMT ref: 6C69C11A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                    • String ID:
                                                                                                    • API String ID: 4237864984-0
                                                                                                    • Opcode ID: 01fffaeab35b9d3527ce30317c35ed591946607b3cc3157338f01ffebe72094b
                                                                                                    • Instruction ID: 17a61316366fab082134ab48107faeb4d704281aee9a9ac9fdaa07655d703872
                                                                                                    • Opcode Fuzzy Hash: 01fffaeab35b9d3527ce30317c35ed591946607b3cc3157338f01ffebe72094b
                                                                                                    • Instruction Fuzzy Hash: D2A14532A141499FDF19DF68C890BAD7BB5AB47328F140249E811EB3D1C7359816CBAD
                                                                                                    Function 6C68018B Relevance: 13.7, APIs: 9, Instructions: 200COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?), ref: 6C6801D4
                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?), ref: 6C680268
                                                                                                    • ___crtCompareStringEx.LIBCPMT ref: 6C680282
                                                                                                    • ___crtCompareStringEx.LIBCPMT ref: 6C6802BE
                                                                                                    • ___crtCompareStringEx.LIBCPMT ref: 6C680337
                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 6C680352
                                                                                                    • __freea.LIBCMT ref: 6C68035F
                                                                                                      • Part of subcall function 6C68C844: HeapAlloc.KERNEL32(00000000,0000010C,00000004,?,6C68C8A7,?,00000000,?,6C697B70,0000010C,00000004,?,0000010C,?,?,6C68DB9D), ref: 6C68C876
                                                                                                    • __freea.LIBCMT ref: 6C680372
                                                                                                    • __freea.LIBCMT ref: 6C68037D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharCompareMultiStringWide___crt__freea$AllocHeap
                                                                                                    • String ID:
                                                                                                    • API String ID: 2499053095-0
                                                                                                    • Opcode ID: 28733fdd09a1fb32f28267d4b8a71c973e11df3152a010a1bc77edb1995297a6
                                                                                                    • Instruction ID: 630d5066bd69b32c5fdddc8cee19fa6818574bf5d4c69bb763582bdc0820b2cd
                                                                                                    • Opcode Fuzzy Hash: 28733fdd09a1fb32f28267d4b8a71c973e11df3152a010a1bc77edb1995297a6
                                                                                                    • Instruction Fuzzy Hash: A251E472A03246AFEF114FA5CCC0DDE7BB9EF46754B104A29EB14D6550DB34C894CBA8
                                                                                                    Function 6C69F383 Relevance: 13.6, APIs: 9, Instructions: 77COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • OpenProcess.KERNEL32(00000400,00000001,?,00000000,00000000), ref: 6C69F396
                                                                                                    • OpenProcessToken.ADVAPI32(00000000,00000008,?,00000000), ref: 6C69F3B3
                                                                                                    • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,?), ref: 6C69F3CF
                                                                                                    • GetLastError.KERNEL32 ref: 6C69F3D5
                                                                                                    • GetLastError.KERNEL32 ref: 6C69F3E0
                                                                                                    • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,?,?), ref: 6C69F406
                                                                                                    • ConvertSidToStringSidW.ADVAPI32(?,?), ref: 6C69F420
                                                                                                    • CloseHandle.KERNEL32(?), ref: 6C69F43C
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 6C69F443
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Token$CloseErrorHandleInformationLastOpenProcess$ConvertString
                                                                                                    • String ID:
                                                                                                    • API String ID: 1608810797-0
                                                                                                    • Opcode ID: 20559756ab78154dc926ec04b7203096d5f97690f89aa9e426a333c7dff96d28
                                                                                                    • Instruction ID: 623d14fa86b99ba16f9e0795f3a1f16c82aa651be9867bc5127e9fa3a4914ed6
                                                                                                    • Opcode Fuzzy Hash: 20559756ab78154dc926ec04b7203096d5f97690f89aa9e426a333c7dff96d28
                                                                                                    • Instruction Fuzzy Hash: E021BB30A41208BFEF019FE2DC84AFEBBB8EF06708F004066F911E2151D7719E459B69
                                                                                                    Function 6C67E6F0 Relevance: 12.6, APIs: 3, Strings: 4, Instructions: 349COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 6C67E754
                                                                                                    • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000,?), ref: 6C67E798
                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 6C67E7DB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Directory$FileModuleNameSystemWindows
                                                                                                    • String ID: Internet Explorer$Microsoft$ProgramW6432$Quick Launch
                                                                                                    • API String ID: 592745672-224070340
                                                                                                    • Opcode ID: 64754ef92c43546d8272b46d9a948fb6f52dcdf2987d18459bde50fee641db90
                                                                                                    • Instruction ID: a4279a4bdd71cc322ef8af6e13a95acd372bdeddb33e9666cbecbec12db2e340
                                                                                                    • Opcode Fuzzy Hash: 64754ef92c43546d8272b46d9a948fb6f52dcdf2987d18459bde50fee641db90
                                                                                                    • Instruction Fuzzy Hash: 55C14F30258300ABD724DB65CC55FEE77E8AB42748F50092DF25196AD0EB71A90DCBAF
                                                                                                    Function 6C661E30 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 190fileCOMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 6C661E54
                                                                                                      • Part of subcall function 6C67FC31: std::invalid_argument::invalid_argument.LIBCONCRT ref: 6C67FC3D
                                                                                                      • Part of subcall function 6C67FC31: __CxxThrowException@8.LIBVCRUNTIME ref: 6C67FC4B
                                                                                                    • new.LIBCMT ref: 6C661F48
                                                                                                    • CreateFileW.KERNEL32(?,00000004,00000003,00000000,00000004,00000080,00000000), ref: 6C661F81
                                                                                                    • CreateFileW.KERNEL32(?,00000004,00000003,00000000,00000004,00000080,00000000), ref: 6C662032
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: File$Create$Exception@8ModuleNameThrowstd::invalid_argument::invalid_argument
                                                                                                    • String ID: \$debug.log$invalid string position
                                                                                                    • API String ID: 3749634790-2581654245
                                                                                                    • Opcode ID: f040c3b275e5b1c54a5456d0ad160fcc754c165a263d692983fc0325135bbc6b
                                                                                                    • Instruction ID: a29c4c832f0c1dc275e3a58b12e8b5069610f2e187f7e02d6a2fef6f2c378a28
                                                                                                    • Opcode Fuzzy Hash: f040c3b275e5b1c54a5456d0ad160fcc754c165a263d692983fc0325135bbc6b
                                                                                                    • Instruction Fuzzy Hash: DF510974A013049BDB14DF76CC94BAD77B4AF06308F204619E911A7ED0EBB0E949CB5E
                                                                                                    Function 6C69EEFE Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 104registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 6C69EF1F
                                                                                                    • RegCreateKeyExW.ADVAPI32(80000002,SOFTWARE\Google\No Chrome Offer Until,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 6C69EF81
                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 6C69EFD4
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 6C69F03D
                                                                                                    Strings
                                                                                                    • SOFTWARE\Google\No Chrome Offer Until, xrefs: 6C69EF6F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseCreateFileModuleNameQueryValue
                                                                                                    • String ID: SOFTWARE\Google\No Chrome Offer Until
                                                                                                    • API String ID: 2815806617-1538224596
                                                                                                    • Opcode ID: c8ceaea37de0dacb93874d8c4e243aeba18edf48d5d796bce1c069110f91990d
                                                                                                    • Instruction ID: 4ed6e3d261c6e4bd0008c4b1853c9668a6722f0062602a3b09b9b5e755f5e688
                                                                                                    • Opcode Fuzzy Hash: c8ceaea37de0dacb93874d8c4e243aeba18edf48d5d796bce1c069110f91990d
                                                                                                    • Instruction Fuzzy Hash: 193141F1A40218ABDB208B51DC49FEEB7BCEB09304F4041EBF609A6141E7705A89CF6D
                                                                                                    Function 6C6A6B55 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 78fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SetFilePointerEx.KERNEL32(6C6A6322,6C6A6322,0000001C,?,00000000), ref: 6C6A6B7A
                                                                                                    • GetLastError.KERNEL32 ref: 6C6A6B93
                                                                                                    • SetEndOfFile.KERNEL32(6C6A6322), ref: 6C6A6BE1
                                                                                                    • GetLastError.KERNEL32 ref: 6C6A6BFA
                                                                                                    Strings
                                                                                                    • SetEndOfFile, xrefs: 6C6A6C1A
                                                                                                    • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 6C6A6BA0, 6C6A6C07
                                                                                                    • SetFilePointerEx, xrefs: 6C6A6BB3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLast$Pointer
                                                                                                    • String ID: SetEndOfFile$SetFilePointerEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                                    • API String ID: 1697706070-3222943609
                                                                                                    • Opcode ID: f54905ca2b6cba179ba0e3970a7c12cf97d4ecad6ce32c8885ad482105568aef
                                                                                                    • Instruction ID: 39e6f5da8ef882f5f563e59d7a3b82919bcabe88e0d6df9fd87bdedff61c7d9d
                                                                                                    • Opcode Fuzzy Hash: f54905ca2b6cba179ba0e3970a7c12cf97d4ecad6ce32c8885ad482105568aef
                                                                                                    • Instruction Fuzzy Hash: AB216D319042097ADB009FFADC45FED7768DF0634CF104946E505B6DC2DB32E95A4A1D
                                                                                                    Function 6C6903A9 Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • _free.LIBCMT ref: 6C69042B
                                                                                                    • _free.LIBCMT ref: 6C69044F
                                                                                                    • _free.LIBCMT ref: 6C6905D6
                                                                                                    • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6C6AF9F4), ref: 6C6905E8
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,6C6BEC4C,000000FF,00000000,0000003F,00000000,?,?), ref: 6C690660
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,6C6BECA0,000000FF,?,0000003F,00000000,?), ref: 6C69068D
                                                                                                    • _free.LIBCMT ref: 6C6907A2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                    • String ID:
                                                                                                    • API String ID: 314583886-0
                                                                                                    • Opcode ID: c9c2f52daf83cc011a8b06ae6761e0ca8724a5d30f2068da642ac6237add0981
                                                                                                    • Instruction ID: 355bf252a192c7789be883cb3ff181e5613050fbb7beaba714265935ea140fc6
                                                                                                    • Opcode Fuzzy Hash: c9c2f52daf83cc011a8b06ae6761e0ca8724a5d30f2068da642ac6237add0981
                                                                                                    • Instruction Fuzzy Hash: 63C14971A05286EFDB108F79C840AEE7BB8EF4B718F2441AAD590D7A41E7309945CB6C
                                                                                                    Function 6C6759B0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 291COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C674CA0: AcquireSRWLockExclusive.KERNEL32(00000000,00000001,0000000F), ref: 6C674CBC
                                                                                                      • Part of subcall function 6C674CA0: ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 6C674D21
                                                                                                      • Part of subcall function 6C674E80: AcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000), ref: 6C674EDB
                                                                                                      • Part of subcall function 6C674E80: ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 6C674F0A
                                                                                                      • Part of subcall function 6C674E80: AcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000), ref: 6C674FCD
                                                                                                      • Part of subcall function 6C674E80: ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 6C67500A
                                                                                                    • AcquireSRWLockExclusive.KERNEL32(00000000), ref: 6C675BFA
                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 6C675C1E
                                                                                                    • AcquireSRWLockExclusive.KERNEL32(00000000), ref: 6C675C47
                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 6C675C6B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                    • String ID: Gpgl$Gpgl
                                                                                                    • API String ID: 17069307-3376809913
                                                                                                    • Opcode ID: 1135dfe500c6ce2911b043f1119676120b3ba522c6929c5ccec08fe2d6b3fdae
                                                                                                    • Instruction ID: 4ba22ee8b60a1a599a787c93d886d54d786b22290577fa98dbebdfdc0cb69b82
                                                                                                    • Opcode Fuzzy Hash: 1135dfe500c6ce2911b043f1119676120b3ba522c6929c5ccec08fe2d6b3fdae
                                                                                                    • Instruction Fuzzy Hash: 4BB19370F00609DBCB14CF69D4D47AEB7B1BF86308F148ABAD405ABB40DB359945CBA9
                                                                                                    Function 6C699DD6 Relevance: 10.7, APIs: 7, Instructions: 204COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free
                                                                                                    • String ID:
                                                                                                    • API String ID: 269201875-0
                                                                                                    • Opcode ID: a3dbd55d0c02c321a103b0fbae7191c68b4152ce766c616c28bc63b55695fbd7
                                                                                                    • Instruction ID: 2fdb2775d38cd8cc4ea2aaff74efd0a10e41f1b8526f81ef078db05458313cf4
                                                                                                    • Opcode Fuzzy Hash: a3dbd55d0c02c321a103b0fbae7191c68b4152ce766c616c28bc63b55695fbd7
                                                                                                    • Instruction Fuzzy Hash: 3461E071A05206AFDB20CF69C840B9EFBF5EF46728F14016AE859EB740E7709945CB68
                                                                                                    Function 6C689040 Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetConsoleCP.KERNEL32 ref: 6C689082
                                                                                                    • __fassign.LIBCMT ref: 6C6890FD
                                                                                                    • __fassign.LIBCMT ref: 6C689118
                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000005,00000000,00000000), ref: 6C68913E
                                                                                                    • WriteFile.KERNEL32(?,?,00000000,6C6897B5,00000000), ref: 6C68915D
                                                                                                    • WriteFile.KERNEL32(?,?,00000001,6C6897B5,00000000), ref: 6C689196
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                    • String ID:
                                                                                                    • API String ID: 1324828854-0
                                                                                                    • Opcode ID: 5883627ee6a1bfae80f236a6bdea08e9a94d92e8fd59efabb50d9a2bd44e5bbc
                                                                                                    • Instruction ID: 844f07a067a5945a9f311420ee9c8ee7bc5184b91c7b045b943ce190ff34c556
                                                                                                    • Opcode Fuzzy Hash: 5883627ee6a1bfae80f236a6bdea08e9a94d92e8fd59efabb50d9a2bd44e5bbc
                                                                                                    • Instruction Fuzzy Hash: EC51D770A052499FDF10CFA8C885AEEFBF8FF0A314F14415AE995E7641D730A941CBA8
                                                                                                    Function 6C67B420 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 146COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: false$null$true
                                                                                                    • API String ID: 0-2913297407
                                                                                                    • Opcode ID: b31eb56165dfe1aae5570b0a8bbfb6f2c21cff5aad11942d1b35dae87b6e26bc
                                                                                                    • Instruction ID: 6aef6d9060c38584cdc7a66b61f2d3f171c89687f6b5b069105eb43434fe2592
                                                                                                    • Opcode Fuzzy Hash: b31eb56165dfe1aae5570b0a8bbfb6f2c21cff5aad11942d1b35dae87b6e26bc
                                                                                                    • Instruction Fuzzy Hash: B25117B69053099FD720CF68D440BDAF7F4EF85308F048A6AC85597A01E731B659CB6C
                                                                                                    Function 6C6A02FF Relevance: 10.6, APIs: 7, Instructions: 141sleepCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CoInitializeEx.OLE32(00000000,00000002), ref: 6C6A0349
                                                                                                    • CoUninitialize.OLE32 ref: 6C6A038E
                                                                                                    • LaunchGoogleChrome.GCAPI(00000001,00000000,?,00000000), ref: 6C6A0381
                                                                                                      • Part of subcall function 6C69FFEC: CoInitializeEx.OLE32(00000000,00000002), ref: 6C6A0024
                                                                                                      • Part of subcall function 6C69FFEC: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000002,00000000,00000040,00000000), ref: 6C6A0039
                                                                                                      • Part of subcall function 6C69FFEC: GetCurrentProcessId.KERNEL32(?), ref: 6C6A0064
                                                                                                      • Part of subcall function 6C69FFEC: GetShellWindow.USER32 ref: 6C6A0087
                                                                                                      • Part of subcall function 6C69FFEC: GetWindowThreadProcessId.USER32(00000000), ref: 6C6A008E
                                                                                                      • Part of subcall function 6C69FFEC: LocalFree.KERNEL32(?), ref: 6C6A00A2
                                                                                                      • Part of subcall function 6C69FFEC: CoUninitialize.OLE32 ref: 6C6A02D1
                                                                                                    • CoUninitialize.OLE32 ref: 6C6A03AF
                                                                                                    • LaunchGoogleChrome.GCAPI ref: 6C6A03C9
                                                                                                    • EnumWindows.USER32(6C69F056,?), ref: 6C6A044C
                                                                                                    • Sleep.KERNEL32(0000000A), ref: 6C6A046A
                                                                                                      • Part of subcall function 6C6688E0: new.LIBCMT ref: 6C668900
                                                                                                      • Part of subcall function 6C6688E0: new.LIBCMT ref: 6C66893C
                                                                                                      • Part of subcall function 6C6688E0: new.LIBCMT ref: 6C668979
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeUninitialize$ChromeGoogleLaunchProcessWindow$CurrentEnumFreeLocalSecurityShellSleepThreadWindows
                                                                                                    • String ID:
                                                                                                    • API String ID: 1477501081-0
                                                                                                    • Opcode ID: 8b759e01dde0d763c631de0f6d04c21bb6ed5ee22568a7505db2ee36d86e4413
                                                                                                    • Instruction ID: c977c71fcb8d7b53fa02055fdd7bfce326dc85f98d81c368973f90141c169c56
                                                                                                    • Opcode Fuzzy Hash: 8b759e01dde0d763c631de0f6d04c21bb6ed5ee22568a7505db2ee36d86e4413
                                                                                                    • Instruction Fuzzy Hash: 6351A331D0529D9FCF00CFF5E890ADDBBB8BF06318F14012AE912A7A81DB71594ACB59
                                                                                                    Function 6C6A767F Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 139COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(%LOCALAPPDATA%,00000000,00000000,00000000,?,?,?,?,?,?,?,6C6A7616,?,6C6AFB90,000000FF,6C6B8A68), ref: 6C6A769E
                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(%LOCALAPPDATA%,00000000,00000000,?,?,?,?,?,6C6A7616,?,6C6AFB90,000000FF,6C6B8A68,00000000,Software\Google\Update\ClientState), ref: 6C6A76C8
                                                                                                    • GetTempPathW.KERNEL32(00000000,00000000), ref: 6C6A76E9
                                                                                                    • GetTempPathW.KERNEL32(00000001,00000000), ref: 6C6A7718
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: EnvironmentExpandPathStringsTemp
                                                                                                    • String ID: %LOCALAPPDATA%$User Data
                                                                                                    • API String ID: 442586119-612141592
                                                                                                    • Opcode ID: b2bfac61c8c8dfcc18d653ef5ce0d41d7b4faec9ca9b6a2d0897c1eadddd4b17
                                                                                                    • Instruction ID: 656e9fb3f6fd8c509920d70f6cc3fdc066ce0b43e95607fb5b2376649d93dc93
                                                                                                    • Opcode Fuzzy Hash: b2bfac61c8c8dfcc18d653ef5ce0d41d7b4faec9ca9b6a2d0897c1eadddd4b17
                                                                                                    • Instruction Fuzzy Hash: D13137313021106FDB145ABA9C95EBF76ACDF83658F20012EE802DBA85DF74DC0586BD
                                                                                                    Function 6C69F1A9 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 112COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetFileVersionInfoSizeW.VERSION(?,?,?,00000000,00000000,?,6C69EF48,?,?,00000208), ref: 6C69F1D9
                                                                                                    • GetFileVersionInfoW.VERSION(?,?,00002000,?,?,?,00000208), ref: 6C69F217
                                                                                                    • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,00002000,?,?,?,00000208), ref: 6C69F24A
                                                                                                    • VerQueryValueW.VERSION(?,?,?,?,\VarFileInfo\Translation,?,?,?,?,00002000,?,?,?,00000208), ref: 6C69F2C1
                                                                                                    Strings
                                                                                                    • \VarFileInfo\Translation, xrefs: 6C69F23E
                                                                                                    • \StringFileInfo\%02X%02X%02X%02X\CompanyName, xrefs: 6C69F286
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FileInfoQueryValueVersion$Size
                                                                                                    • String ID: \StringFileInfo\%02X%02X%02X%02X\CompanyName$\VarFileInfo\Translation
                                                                                                    • API String ID: 2099394744-937506062
                                                                                                    • Opcode ID: 6d8aa365bac8cf949dbcf5e39d2ae13b8dd1a2cadbf68b0cbdb8aae04fc4de3b
                                                                                                    • Instruction ID: 8662d61f33d52bc9f6be7ae146fb22bef721ce628aa40eeae6a36a7b97e4cec5
                                                                                                    • Opcode Fuzzy Hash: 6d8aa365bac8cf949dbcf5e39d2ae13b8dd1a2cadbf68b0cbdb8aae04fc4de3b
                                                                                                    • Instruction Fuzzy Hash: 4231A2F5A01219ABDB20DE95CC44EDB73FCAB45300F9105D6FA24E3641DA30DA85CB6E
                                                                                                    Function 6C6A411C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 98fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000004,00000080,00000000), ref: 6C6A4149
                                                                                                    • LockFileEx.KERNEL32(00000000,00000002,00000000,000000FF,000000FF,?), ref: 6C6A417F
                                                                                                    • GetLastError.KERNEL32 ref: 6C6A4198
                                                                                                    • new.LIBCMT ref: 6C6A41D9
                                                                                                    Strings
                                                                                                    • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 6C6A41A5
                                                                                                    • LockFileEx, xrefs: 6C6A41B8
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: File$CreateErrorLastLock
                                                                                                    • String ID: LockFileEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                                    • API String ID: 3875127904-1259685872
                                                                                                    • Opcode ID: 0d21f776b1ccb2d9f55227a3713dd6726b451204ce49ddafa18d83fc4588cf81
                                                                                                    • Instruction ID: 32c3f53c0cfe5c79b98e33d8d23a203efaa557a5b2919873086832e03bf27ee9
                                                                                                    • Opcode Fuzzy Hash: 0d21f776b1ccb2d9f55227a3713dd6726b451204ce49ddafa18d83fc4588cf81
                                                                                                    • Instruction Fuzzy Hash: F331D6716043147FD7108FF9DC55BAAB7A4AB05728F100619E625ABAC0DA70ED058B9D
                                                                                                    Function 6C667950 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 93COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Getcvt
                                                                                                    • String ID: false$true
                                                                                                    • API String ID: 1921796781-2658103896
                                                                                                    • Opcode ID: 9eaaf20fec800b2a9e4701502434f604e41b0b9932a8fee56fff17cf93538620
                                                                                                    • Instruction ID: fb1e3950353cfb40041b284e1479040c7233e97758c727121109be252a3ac21f
                                                                                                    • Opcode Fuzzy Hash: 9eaaf20fec800b2a9e4701502434f604e41b0b9932a8fee56fff17cf93538620
                                                                                                    • Instruction Fuzzy Hash: 8A3199319042445FDB10CF69C440BAABFA49F47308F18C49ED9945FF46D776D90887AA
                                                                                                    Function 6C6674E0 Relevance: 10.6, APIs: 7, Instructions: 87COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 6C6674EE
                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 6C66750A
                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 6C66752A
                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 6C667571
                                                                                                    • std::_Facet_Register.LIBCPMT ref: 6C6675AD
                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 6C6675B8
                                                                                                    • _abort.LIBCMT ref: 6C6675C6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register_abort
                                                                                                    • String ID:
                                                                                                    • API String ID: 954195503-0
                                                                                                    • Opcode ID: e6a908278fb978565059c36796362514de5e35ba0d2bdff33985b14cdf6c31c2
                                                                                                    • Instruction ID: 9065f601613c301876ee67c4203846c2c14c5dff82c2c3d674e0cccfd3a945ef
                                                                                                    • Opcode Fuzzy Hash: e6a908278fb978565059c36796362514de5e35ba0d2bdff33985b14cdf6c31c2
                                                                                                    • Instruction Fuzzy Hash: 2A31CE76A001149FCB10DF5AC980999B3B4EF46328F144599D80997B10DF30AA46CB9F
                                                                                                    Function 6C67E580 Relevance: 10.6, APIs: 7, Instructions: 87COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 6C67E58E
                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 6C67E5AA
                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 6C67E5CA
                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 6C67E611
                                                                                                    • std::_Facet_Register.LIBCPMT ref: 6C67E64D
                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 6C67E658
                                                                                                    • _abort.LIBCMT ref: 6C67E666
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register_abort
                                                                                                    • String ID:
                                                                                                    • API String ID: 954195503-0
                                                                                                    • Opcode ID: def8e327cdbac6f8a4599dd93c3dbe6fd4eea3e49bab3e6577a64f35a951ba26
                                                                                                    • Instruction ID: d52092762198aa8ec3a67739e4028a3c2bd430f01026a8f9c95140f0baceba1f
                                                                                                    • Opcode Fuzzy Hash: def8e327cdbac6f8a4599dd93c3dbe6fd4eea3e49bab3e6577a64f35a951ba26
                                                                                                    • Instruction Fuzzy Hash: 0131DF31A051149FCB21DF59D580DDDB7B4EB06328F144999E8059BB11EB31AF0ACBEE
                                                                                                    Function 6C6673E0 Relevance: 10.6, APIs: 7, Instructions: 87COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 6C6673EE
                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 6C66740A
                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 6C66742A
                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 6C667471
                                                                                                    • std::_Facet_Register.LIBCPMT ref: 6C6674AD
                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 6C6674B8
                                                                                                    • _abort.LIBCMT ref: 6C6674C6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register_abort
                                                                                                    • String ID:
                                                                                                    • API String ID: 954195503-0
                                                                                                    • Opcode ID: 9a301bfb291854be1878307fdc4517fd0619eaa0ca5d19ae9f41e1f71bceb35f
                                                                                                    • Instruction ID: cbac1175e18a55e5f7fefbc410ff8f7b5baf1d0f52350e70a8ee5eb6428963b4
                                                                                                    • Opcode Fuzzy Hash: 9a301bfb291854be1878307fdc4517fd0619eaa0ca5d19ae9f41e1f71bceb35f
                                                                                                    • Instruction Fuzzy Hash: 1931E335A055149BCB11DF5AC488D9DBBB4EF06328F1446A9D80997F11DB30AE0ACBDF
                                                                                                    Function 6C69A2AB Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C699FF2: _free.LIBCMT ref: 6C69A01B
                                                                                                    • _free.LIBCMT ref: 6C69A2F9
                                                                                                      • Part of subcall function 6C68CBA5: HeapFree.KERNEL32(00000000,00000000), ref: 6C68CBBB
                                                                                                      • Part of subcall function 6C68CBA5: GetLastError.KERNEL32(00000000,?,6C69A020,00000000,00000000,00000000,00000000,?,6C69A2C4,00000000,00000007,00000000,?,6C698081,00000000,00000000), ref: 6C68CBCD
                                                                                                    • _free.LIBCMT ref: 6C69A304
                                                                                                    • _free.LIBCMT ref: 6C69A30F
                                                                                                    • _free.LIBCMT ref: 6C69A363
                                                                                                    • _free.LIBCMT ref: 6C69A36E
                                                                                                    • _free.LIBCMT ref: 6C69A379
                                                                                                    • _free.LIBCMT ref: 6C69A384
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                    • String ID:
                                                                                                    • API String ID: 776569668-0
                                                                                                    • Opcode ID: 9f76696241dda59e37702b6c7b8591e1945ed59e411e7bea7a02caf6cd15d4c2
                                                                                                    • Instruction ID: ad5a13397ff683d022bc6b76a85db818d2162052e319874c1d3dc4883189e357
                                                                                                    • Opcode Fuzzy Hash: 9f76696241dda59e37702b6c7b8591e1945ed59e411e7bea7a02caf6cd15d4c2
                                                                                                    • Instruction Fuzzy Hash: 01115E31542F14BEE921A7B0CC45FCBB79D5F4270CF804924B29FB6A50DB24A50DD65C
                                                                                                    Function 6C6855A6 Relevance: 10.6, APIs: 7, Instructions: 60COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(00000001,?,6C68548D,6C680D47,6C68093D,?,6C680B4D,?,00000001,?,?,00000001,?,6C6BB430,0000000C,6C680C56), ref: 6C6855B4
                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6C6855C2
                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6C6855DB
                                                                                                    • SetLastError.KERNEL32(00000000,6C680B4D,?,00000001,?,?,00000001,?,6C6BB430,0000000C,6C680C56,?,00000001,?), ref: 6C68562D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                    • String ID:
                                                                                                    • API String ID: 3852720340-0
                                                                                                    • Opcode ID: 4f05fbe0f3c778cb14785fe9a24b7b29f6f772bcf35085153aa6a2ea1b94da24
                                                                                                    • Instruction ID: ca01bbb336b45696c718c8e6e965f90fceb912d44d6b49c0bc44eed9e6888586
                                                                                                    • Opcode Fuzzy Hash: 4f05fbe0f3c778cb14785fe9a24b7b29f6f772bcf35085153aa6a2ea1b94da24
                                                                                                    • Instruction Fuzzy Hash: 1201F13270F3516EFB1019B6AC84A8A3A69DB47378F20033AE42648AE4EF51484585AC
                                                                                                    Function 6C67F0D2 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 50COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                    • API String ID: 0-1718035505
                                                                                                    • Opcode ID: d67afbd5e505cadc4a145fe3006ec75dcd0019bea8e92918ad4ea2035e4f1cb2
                                                                                                    • Instruction ID: d6927a9b30827759729f61155c483d0b7edc62deb23f1106ac2eab2de083f976
                                                                                                    • Opcode Fuzzy Hash: d67afbd5e505cadc4a145fe3006ec75dcd0019bea8e92918ad4ea2035e4f1cb2
                                                                                                    • Instruction Fuzzy Hash: 5601F47234A2225B5F715DBB88D8D9627B89A4735DB200D3BE510D7A00D711C4069EBE
                                                                                                    Function 6C6861B6 Relevance: 9.3, APIs: 6, Instructions: 264COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __allrem.LIBCMT ref: 6C686343
                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C68635F
                                                                                                    • __allrem.LIBCMT ref: 6C686376
                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C686394
                                                                                                    • __allrem.LIBCMT ref: 6C6863AB
                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C6863C9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                    • String ID:
                                                                                                    • API String ID: 1992179935-0
                                                                                                    • Opcode ID: f7672b970583daad0a5493cda401f76377b1b79e7d24a194dd0dc409d21125cd
                                                                                                    • Instruction ID: d29ee954d53d5f6d9d8fc69432c37943902640278856df78cbfe3eff1d0943e0
                                                                                                    • Opcode Fuzzy Hash: f7672b970583daad0a5493cda401f76377b1b79e7d24a194dd0dc409d21125cd
                                                                                                    • Instruction Fuzzy Hash: 3C811871A167069BE3108E68CC50BDAB3F9AF46328F24462EE650D6F80EB70D904877C
                                                                                                    Function 6C67C070 Relevance: 9.2, APIs: 6, Instructions: 178COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C67C2B0: Sleep.KERNEL32(00000000,?,?,?,6C67C09F,?,00000000,?), ref: 6C67C2F2
                                                                                                    • AcquireSRWLockExclusive.KERNEL32(00000000,?,00000000,?), ref: 6C67C0C4
                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,00000000,000000FF,?,?), ref: 6C67C105
                                                                                                      • Part of subcall function 6C66F000: GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 6C66F02B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExclusiveLock$AcquireCurrentDirectoryReleaseSleep
                                                                                                    • String ID:
                                                                                                    • API String ID: 1427338700-0
                                                                                                    • Opcode ID: 97c16bb4006a5ca3285bc6bc2699498fb10d25c9f4a2561209b106665ce09400
                                                                                                    • Instruction ID: 271fce5f4e065f8b1f5686ab40628288628cf3ffbdfb9bcc81695cf23f71fb1c
                                                                                                    • Opcode Fuzzy Hash: 97c16bb4006a5ca3285bc6bc2699498fb10d25c9f4a2561209b106665ce09400
                                                                                                    • Instruction Fuzzy Hash: 7051BB35209241ABD730DF65D854FEEB3A4AF86318F104A2DD56A97A80DB316444CBBE
                                                                                                    Function 6C674E80 Relevance: 9.1, APIs: 6, Instructions: 129COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • AcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000), ref: 6C674EDB
                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 6C674F0A
                                                                                                    • AcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000), ref: 6C674F5A
                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 6C674F91
                                                                                                    • AcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000), ref: 6C674FCD
                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 6C67500A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                    • String ID:
                                                                                                    • API String ID: 17069307-0
                                                                                                    • Opcode ID: f0fe2f5355aed1b19feee5f736a6e82a3e05a316a532001aae3d79facc825872
                                                                                                    • Instruction ID: c7f1f1191d933c4b7a84f969c0c501fa9c122a0eecc44633676840bc32768f70
                                                                                                    • Opcode Fuzzy Hash: f0fe2f5355aed1b19feee5f736a6e82a3e05a316a532001aae3d79facc825872
                                                                                                    • Instruction Fuzzy Hash: 6B4104B1E01200CBCB21DFAAC4887AEB7B4AF86318F144559D854E7B80DF749D048FAE
                                                                                                    Function 6C6A2974 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 73COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,00000001), ref: 6C6A29F9
                                                                                                    Strings
                                                                                                    • c:\b\build\slave\win\build\src\chrome\installer\util\google_chrome_distribution.cc, xrefs: 6C6A2A03
                                                                                                    • Dskl, xrefs: 6C6A29C3
                                                                                                    • microsoft-edge:, xrefs: 6C6A2991
                                                                                                    • Failed to launch Edge for uninstall survey, xrefs: 6C6A2A16
                                                                                                    • <, xrefs: 6C6A29A4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast
                                                                                                    • String ID: <$Dskl$Failed to launch Edge for uninstall survey$c:\b\build\slave\win\build\src\chrome\installer\util\google_chrome_distribution.cc$microsoft-edge:
                                                                                                    • API String ID: 1452528299-1935706543
                                                                                                    • Opcode ID: b0797b909ac5b133ebc850a2875f277677440fc2842c31502a238532503ff20d
                                                                                                    • Instruction ID: 9fcbb19d21163a2ef1bd963964ad0f9121b31e0abee05fa9ba97c6010b23b591
                                                                                                    • Opcode Fuzzy Hash: b0797b909ac5b133ebc850a2875f277677440fc2842c31502a238532503ff20d
                                                                                                    • Instruction Fuzzy Hash: EC218074A40208AEDB10CFE5CC56BEEB7B8AF06308F400459E615AAA81DB7599498B6D
                                                                                                    Function 6C68FBB0 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(00000008,6C661DE7,6C68EBE2,6C685DC7), ref: 6C68FBB4
                                                                                                    • _free.LIBCMT ref: 6C68FBE7
                                                                                                    • _free.LIBCMT ref: 6C68FC0F
                                                                                                    • SetLastError.KERNEL32(00000000,00000008,6C661DE7), ref: 6C68FC1C
                                                                                                    • SetLastError.KERNEL32(00000000,00000008,6C661DE7), ref: 6C68FC28
                                                                                                    • _abort.LIBCMT ref: 6C68FC2E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$_free$_abort
                                                                                                    • String ID:
                                                                                                    • API String ID: 3160817290-0
                                                                                                    • Opcode ID: 4e23dd6047548967785214ca65fa77d9ca67ec432de66fee604d47ad82b00cfc
                                                                                                    • Instruction ID: abd42a3feec00b480e75d756975dff21588411ecee78941b4c5b5b5e4621e96e
                                                                                                    • Opcode Fuzzy Hash: 4e23dd6047548967785214ca65fa77d9ca67ec432de66fee604d47ad82b00cfc
                                                                                                    • Instruction Fuzzy Hash: DEF02D3134B90137D701226A5C48F9F227ADFC37B9F250124F914A2B85EF708909453F
                                                                                                    Function 6C66F520 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 203COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: vector<T> too long
                                                                                                    • API String ID: 0-3788999226
                                                                                                    • Opcode ID: 82b8fb6f04acab50c38fccb0063fcf33bf6f339280b2eb33bd4f4ec36ddeb3e1
                                                                                                    • Instruction ID: 36b4a16144738637621f0fdfa4522c31ebb65593c855e928a989b764dddaa152
                                                                                                    • Opcode Fuzzy Hash: 82b8fb6f04acab50c38fccb0063fcf33bf6f339280b2eb33bd4f4ec36ddeb3e1
                                                                                                    • Instruction Fuzzy Hash: 07511D726053015BD7108EB99C80F5BB7E9AFC5368F100A29F96897B90EB71D904876F
                                                                                                    Function 6C6620B0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 164fileCOMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseDeleteFileHandle
                                                                                                    • String ID: vmodule
                                                                                                    • API String ID: 2633145722-2939338212
                                                                                                    • Opcode ID: e362adcf24ba4b1205d249f2f4dc09877ab60d289145c6e0f9f0eace02f0e273
                                                                                                    • Instruction ID: 684f7016be9f2a3362c9b40a3ad57ae9c11feafa7634671f807f98c996352a7a
                                                                                                    • Opcode Fuzzy Hash: e362adcf24ba4b1205d249f2f4dc09877ab60d289145c6e0f9f0eace02f0e273
                                                                                                    • Instruction Fuzzy Hash: A351E3746093019FCB04CF26C488B9BB7F9BB86308F00491EE95597AA0DB75D449CB9F
                                                                                                    Function 6C6A4485 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 126COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetFileAttributesW.KERNEL32(6C6AFB90,00000000,00000000,00000004), ref: 6C6A44B0
                                                                                                    • GetLastError.KERNEL32 ref: 6C6A44CE
                                                                                                    Strings
                                                                                                    • : not a directory, xrefs: 6C6A4571
                                                                                                    • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 6C6A44DB, 6C6A4561
                                                                                                    • GetFileAttributes , xrefs: 6C6A4507, 6C6A4592
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AttributesErrorFileLast
                                                                                                    • String ID: : not a directory$GetFileAttributes $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                                    • API String ID: 1799206407-2199784763
                                                                                                    • Opcode ID: 02b4c72bf981f455e84dc20659a1643d7cfba5c8fad698aadae70d87336e9130
                                                                                                    • Instruction ID: f641c99b5d24c408409258e3ba507a013a751ad5664cb63864123db55546572f
                                                                                                    • Opcode Fuzzy Hash: 02b4c72bf981f455e84dc20659a1643d7cfba5c8fad698aadae70d87336e9130
                                                                                                    • Instruction Fuzzy Hash: D9312672A003046ADB049AB6EC56FFA73AC9F02328F10025AF51566EC1DF716D49866D
                                                                                                    Function 6C68D347 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 116COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\f_0002b5.exe,00000104), ref: 6C68D387
                                                                                                    • _free.LIBCMT ref: 6C68D452
                                                                                                    • _free.LIBCMT ref: 6C68D45C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free$FileModuleName
                                                                                                    • String ID: (,F$C:\Users\user\Desktop\f_0002b5.exe
                                                                                                    • API String ID: 2506810119-110030343
                                                                                                    • Opcode ID: cfd1853605501c708e94f53109030437277af96cb088a57c96ba91002f0f4f34
                                                                                                    • Instruction ID: 7a49096be8c0427e52039f7ce415a9f38f5389cecb10227a26f1f994b39a26e2
                                                                                                    • Opcode Fuzzy Hash: cfd1853605501c708e94f53109030437277af96cb088a57c96ba91002f0f4f34
                                                                                                    • Instruction Fuzzy Hash: 70317E71A02619EFDB11DF9A8880DDEBBF8EF86714F1041A7E905A7600D7709A44CBBC
                                                                                                    Function 6C685300 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 115COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 6C68532B
                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 6C6853A5
                                                                                                      • Part of subcall function 6C69E550: __FindPESection.LIBCMT ref: 6C69E5A9
                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 6C685419
                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 6C685444
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CookiesLocalValidate$CurrentFindImageNonwritableSection
                                                                                                    • String ID: csm
                                                                                                    • API String ID: 1685366865-1018135373
                                                                                                    • Opcode ID: c2e6f22b4b275389952006683b04bc647090fed3fb241bafa215e586395a1249
                                                                                                    • Instruction ID: 764f430bb1e5ffcc37cc1bf0ca626c8be57ca9c55570b4c5637656a6f6d60c73
                                                                                                    • Opcode Fuzzy Hash: c2e6f22b4b275389952006683b04bc647090fed3fb241bafa215e586395a1249
                                                                                                    • Instruction Fuzzy Hash: 2B41E634A02218ABDF00CF59C890ADEBBB4AF46328F148155E916ABB51D771DA15CFB8
                                                                                                    Function 6C6A421A Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 87COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateDirectoryW.KERNEL32(6C6AFB90,00000000,?,00000000,00000004), ref: 6C6A4247
                                                                                                    • GetLastError.KERNEL32(?,00000000,00000004), ref: 6C6A4258
                                                                                                    • GetLastError.KERNEL32(?,00000000,00000004), ref: 6C6A4278
                                                                                                    Strings
                                                                                                    • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 6C6A4285
                                                                                                    • CreateDirectory , xrefs: 6C6A42B1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$CreateDirectory
                                                                                                    • String ID: CreateDirectory $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                                    • API String ID: 1306683694-1373056967
                                                                                                    • Opcode ID: c4ed399abc9d8ec1aea50b0bf1fc2d8bbe9617482f0fd7ed5bd740d0d900c283
                                                                                                    • Instruction ID: 6ad2530ca1641714e7f4efd5a6aa3f79f38952275a1f32c4d957cb582ebeac81
                                                                                                    • Opcode Fuzzy Hash: c4ed399abc9d8ec1aea50b0bf1fc2d8bbe9617482f0fd7ed5bd740d0d900c283
                                                                                                    • Instruction Fuzzy Hash: 3A21F531609304AADB009EF6DC56BFE73ACDF43318F10011AA415A6EC1DFB4AC49866E
                                                                                                    Function 6C6A691E Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 76COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __vwprintf_l.LIBCMT ref: 6C6A6946
                                                                                                    • GetLastError.KERNEL32(?,0000001C,0000001C,00000000), ref: 6C6A6963
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast__vwprintf_l
                                                                                                    • String ID: CreateFile $J`jl$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                                    • API String ID: 3407089876-3330210477
                                                                                                    • Opcode ID: 5ace62035dcd5a8eec3560ed3bd20c802dcd3590c0ba70c20dc6d959aedda9bf
                                                                                                    • Instruction ID: 50f42f59987fdcdda2d99e72f9e880eb71f170487aadc3474ee06f6d71513cb1
                                                                                                    • Opcode Fuzzy Hash: 5ace62035dcd5a8eec3560ed3bd20c802dcd3590c0ba70c20dc6d959aedda9bf
                                                                                                    • Instruction Fuzzy Hash: 53112771A013096EDB10DFB5DC46FEE73A8DF05328F10061AF920A7AC1EB319D08866D
                                                                                                    Function 6C689EEF Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6C689EA0,6C661DE7,?,6C689E40,6C661DE7,6C6BB670,0000000C,6C689F88,6C661DE7,00000002), ref: 6C689F0F
                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess,00000000,?,?,?,6C689EA0,6C661DE7,?,6C689E40,6C661DE7,6C6BB670,0000000C,6C689F88,6C661DE7,00000002), ref: 6C689F22
                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,6C689EA0,6C661DE7,?,6C689E40,6C661DE7,6C6BB670,0000000C,6C689F88,6C661DE7,00000002,00000000), ref: 6C689F45
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                    • Opcode ID: a7d42503d5a2bbc051a3382655af809706186fc28f83df10f6016f4735930c51
                                                                                                    • Instruction ID: f4f1a6c1d7ffd31f78b292735e9f0a0e7000ac336fa9e718f4d501769c222d9b
                                                                                                    • Opcode Fuzzy Hash: a7d42503d5a2bbc051a3382655af809706186fc28f83df10f6016f4735930c51
                                                                                                    • Instruction Fuzzy Hash: E4F0AF30A16208FBCF019FA2DC48BAEBFB4EB4930AF104065E805A2141CB349945CFAC
                                                                                                    Function 6C68DD5F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 28COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C68DDC4: _free.LIBCMT ref: 6C68DDF9
                                                                                                    • _free.LIBCMT ref: 6C68DD7A
                                                                                                      • Part of subcall function 6C68CBA5: HeapFree.KERNEL32(00000000,00000000), ref: 6C68CBBB
                                                                                                      • Part of subcall function 6C68CBA5: GetLastError.KERNEL32(00000000,?,6C69A020,00000000,00000000,00000000,00000000,?,6C69A2C4,00000000,00000007,00000000,?,6C698081,00000000,00000000), ref: 6C68CBCD
                                                                                                    • _free.LIBCMT ref: 6C68DD8D
                                                                                                    • _free.LIBCMT ref: 6C68DD9E
                                                                                                    • _free.LIBCMT ref: 6C68DDAF
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                    • String ID: kl
                                                                                                    • API String ID: 776569668-1450203147
                                                                                                    • Opcode ID: b3b876169c82d57c8a18bec43a89e6b2df6735d0477f4caa0687659337b30e49
                                                                                                    • Instruction ID: 951b81ebedad3a8308a4d531cf5ae6f7d0cea50aa9cd40da94a4dac2644a9099
                                                                                                    • Opcode Fuzzy Hash: b3b876169c82d57c8a18bec43a89e6b2df6735d0477f4caa0687659337b30e49
                                                                                                    • Instruction Fuzzy Hash: BAF01271713914BADB116F56CC84C8937B9E747504B000E96F81262701DBB916398BED
                                                                                                    Function 6C6945ED Relevance: 7.7, APIs: 5, Instructions: 222COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1de3a61b3dfc4684b96ca478562ac222ca4158c5428daa2a7880d342b6b5e02c
                                                                                                    • Instruction ID: f6423d5c5d4a6a85ca737614c608558405d09f5415c95290032f3a56c1c69c62
                                                                                                    • Opcode Fuzzy Hash: 1de3a61b3dfc4684b96ca478562ac222ca4158c5428daa2a7880d342b6b5e02c
                                                                                                    • Instruction Fuzzy Hash: 3A71D77190125BDBDB11CF55C984AFFBB75EF46358F14422AE43067980D7B0C941CBA8
                                                                                                    Function 6C68DB10 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free
                                                                                                    • String ID:
                                                                                                    • API String ID: 269201875-0
                                                                                                    • Opcode ID: a5e2302f98bc4c33450c6552fef767f85f4249229aa460dea970599202ca86d5
                                                                                                    • Instruction ID: 34ac732dfdaaa77db59b216f781fb68312bf261dfc517f21f5e63ebd97131d1b
                                                                                                    • Opcode Fuzzy Hash: a5e2302f98bc4c33450c6552fef767f85f4249229aa460dea970599202ca86d5
                                                                                                    • Instruction Fuzzy Hash: 45412876F012009FCB14CF79C880A9DB7B5EF86718F1585A9D515EB740D730A905CBA8
                                                                                                    Function 6C692171 Relevance: 7.6, APIs: 5, Instructions: 109COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free
                                                                                                    • String ID:
                                                                                                    • API String ID: 269201875-0
                                                                                                    • Opcode ID: 578656294287a4e286b970fd8ae2cab7cbe2305fd05cc83eecc37a6132fcbf00
                                                                                                    • Instruction ID: 1244ee633ef03ae642e52f15fe8bb6e48eaed4a21630846bba9073068ca643df
                                                                                                    • Opcode Fuzzy Hash: 578656294287a4e286b970fd8ae2cab7cbe2305fd05cc83eecc37a6132fcbf00
                                                                                                    • Instruction Fuzzy Hash: E2412531606B029FEB15CF2AC840B55B3F1FF99728B14076DD54AE6AA0E731E646CB4C
                                                                                                    Function 6C6A6578 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 87COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C6A6D68: ReadFile.KERNEL32(00000028,00000000,0000001C,0000001C,00000000), ref: 6C6A6D8A
                                                                                                      • Part of subcall function 6C6A6D68: GetLastError.KERNEL32(?,?,6C6A60D0,0000001C,00000000,00000028), ref: 6C6A6D94
                                                                                                      • Part of subcall function 6C6A6D68: GetLastError.KERNEL32(?,?,6C6A60D0,0000001C,00000000,00000028), ref: 6C6A6D9F
                                                                                                    • GetLastError.KERNEL32(?,0000001C,00000000,00000000), ref: 6C6A65B7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$FileRead
                                                                                                    • String ID: , observed $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io.cc$read$read: expected
                                                                                                    • API String ID: 3644057887-3298404683
                                                                                                    • Opcode ID: a8c49a46bb71a5f0a70198deabc09223a9c2f079658b04c77419d493832c4d0e
                                                                                                    • Instruction ID: 3e55b5feb76011535cca4d5998078c93ec731e5d9de08371ddaca6c9d81b3b7d
                                                                                                    • Opcode Fuzzy Hash: a8c49a46bb71a5f0a70198deabc09223a9c2f079658b04c77419d493832c4d0e
                                                                                                    • Instruction Fuzzy Hash: 9E2135319043047ADB246AA9EC1AFE9735DCF0232CF100459F915B6EC2EF32DD4A856E
                                                                                                    Function 6C6A6663 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 87COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C6A6DDA: WriteFile.KERNEL32(0000001C,000000FF,6C6A6334,00000000,00000000), ref: 6C6A6DF1
                                                                                                    • GetLastError.KERNEL32(?,000000FF,0000001C,00000001), ref: 6C6A66A2
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                    • String ID: , observed $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io.cc$write$write: expected
                                                                                                    • API String ID: 442123175-2204066763
                                                                                                    • Opcode ID: 91316786c0f310a02bf4cc360a95cf1f11e99963e347f652ed039914522fc24b
                                                                                                    • Instruction ID: a879361daadb256c95c912a0173dd9ba6d61240dabd407dfaa6297168403f1f1
                                                                                                    • Opcode Fuzzy Hash: 91316786c0f310a02bf4cc360a95cf1f11e99963e347f652ed039914522fc24b
                                                                                                    • Instruction Fuzzy Hash: E0218B715043147ADB202AA9EC0AFE9335CCF0232CF100449F914AAED2EF32DD5A45AE
                                                                                                    Function 6C69774E Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetEnvironmentStringsW.KERNEL32 ref: 6C697757
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6C69777A
                                                                                                      • Part of subcall function 6C68C844: HeapAlloc.KERNEL32(00000000,0000010C,00000004,?,6C68C8A7,?,00000000,?,6C697B70,0000010C,00000004,?,0000010C,?,?,6C68DB9D), ref: 6C68C876
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 6C6977A0
                                                                                                    • _free.LIBCMT ref: 6C6977B3
                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6C6977C2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharEnvironmentMultiStringsWide$AllocFreeHeap_free
                                                                                                    • String ID:
                                                                                                    • API String ID: 2278895681-0
                                                                                                    • Opcode ID: e659b53a6d41fc1eee94beb41ee1de4bb96343b63e16ec4008305e121394d0c2
                                                                                                    • Instruction ID: f9750825ef970bac91108011a08065efcf1ccc2a7fc1ab93a5916392bb509886
                                                                                                    • Opcode Fuzzy Hash: e659b53a6d41fc1eee94beb41ee1de4bb96343b63e16ec4008305e121394d0c2
                                                                                                    • Instruction Fuzzy Hash: 400184727066167B771119BB6CCCCBF2B7DDBC7B657140129FD14DA600EB61AC0185B8
                                                                                                    Function 6C68FC9E Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,6C6860F1,00000000,?,?,6C686175,00000000,00000000,00000000,00000000,00000000,0000010C,6C6722CA), ref: 6C68FCA3
                                                                                                    • _free.LIBCMT ref: 6C68FCD8
                                                                                                    • _free.LIBCMT ref: 6C68FCFF
                                                                                                    • SetLastError.KERNEL32(00000000,00000000,0000010C,6C6722CA), ref: 6C68FD0C
                                                                                                    • SetLastError.KERNEL32(00000000,00000000,0000010C,6C6722CA), ref: 6C68FD15
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$_free
                                                                                                    • String ID:
                                                                                                    • API String ID: 3170660625-0
                                                                                                    • Opcode ID: c2b27707f21b3bba952235ab3b19be30772d0a82a8636fb73cbf2e6f6c9ff9a8
                                                                                                    • Instruction ID: 0f0fb66419c64c23a1c3f53027de051f8806f81ee0f6b65b5155bc18e4355c40
                                                                                                    • Opcode Fuzzy Hash: c2b27707f21b3bba952235ab3b19be30772d0a82a8636fb73cbf2e6f6c9ff9a8
                                                                                                    • Instruction Fuzzy Hash: E2012332347A0177D3021176AC84D8F2279DBC33BDB350125F900A2B41DF708915457E
                                                                                                    Function 6C699D6D Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • _free.LIBCMT ref: 6C699D85
                                                                                                      • Part of subcall function 6C68CBA5: HeapFree.KERNEL32(00000000,00000000), ref: 6C68CBBB
                                                                                                      • Part of subcall function 6C68CBA5: GetLastError.KERNEL32(00000000,?,6C69A020,00000000,00000000,00000000,00000000,?,6C69A2C4,00000000,00000007,00000000,?,6C698081,00000000,00000000), ref: 6C68CBCD
                                                                                                    • _free.LIBCMT ref: 6C699D97
                                                                                                    • _free.LIBCMT ref: 6C699DA9
                                                                                                    • _free.LIBCMT ref: 6C699DBB
                                                                                                    • _free.LIBCMT ref: 6C699DCD
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                    • String ID:
                                                                                                    • API String ID: 776569668-0
                                                                                                    • Opcode ID: 01e8ce4e119db13999626edb316035c5679125fd4d9a699361aae9d30dd0eb53
                                                                                                    • Instruction ID: 6db9d4c689ef49e442d83dc06cc7c7ee492845b14b8f26bbb9b4a4db61a6ebf1
                                                                                                    • Opcode Fuzzy Hash: 01e8ce4e119db13999626edb316035c5679125fd4d9a699361aae9d30dd0eb53
                                                                                                    • Instruction Fuzzy Hash: DFF04F31607E046FDA04EA59E0C1C4773FAABC271D7600815F05DEBE14C730F8888AAC
                                                                                                    Function 6C69F4F1 Relevance: 7.5, APIs: 5, Instructions: 40COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C69F564: GetVersionExW.KERNEL32(0000011C), ref: 6C69F59E
                                                                                                      • Part of subcall function 6C69F711: AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 6C69F744
                                                                                                      • Part of subcall function 6C69F711: CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 6C69F759
                                                                                                      • Part of subcall function 6C69F711: FreeSid.ADVAPI32(?), ref: 6C69F769
                                                                                                    • GetCurrentProcess.KERNEL32(00000008,?), ref: 6C69F50F
                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 6C69F516
                                                                                                    • GetTokenInformation.ADVAPI32(?,00000012(TokenIntegrityLevel),?,00000004,00000000), ref: 6C69F53A
                                                                                                    • CloseHandle.KERNEL32(?), ref: 6C69F547
                                                                                                    • CloseHandle.KERNEL32(?), ref: 6C69F553
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Token$CloseHandleProcess$AllocateCheckCurrentFreeInformationInitializeMembershipOpenVersion
                                                                                                    • String ID:
                                                                                                    • API String ID: 3927590866-0
                                                                                                    • Opcode ID: d16c99850ea5e7c5f6312c3b8ff65e2578d7d9afe6619d9908e890aed3692598
                                                                                                    • Instruction ID: 2438a232e220a37ce9b2e4730cb892e550cb16c03218882f744fc114038a3ec4
                                                                                                    • Opcode Fuzzy Hash: d16c99850ea5e7c5f6312c3b8ff65e2578d7d9afe6619d9908e890aed3692598
                                                                                                    • Instruction Fuzzy Hash: DAF08C71A00209FBDF00DFE29949BEEBBBCAF1630DF514091B900D6481D7319A1CEB2A
                                                                                                    Function 6C66F2B0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 182COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C66F453
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C66F45D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Xinvalid_argumentstd::_
                                                                                                    • String ID: invalid string position$string too long
                                                                                                    • API String ID: 909987262-4289949731
                                                                                                    • Opcode ID: b77c7b5fb09c4d68b5cdf1912ab0cfb8b15c8af892ed334063c7b2ffdbf14488
                                                                                                    • Instruction ID: 4e53b455d1efbf8ae51ca111c3b225a32b1842e28c8f9e864109807e566a0772
                                                                                                    • Opcode Fuzzy Hash: b77c7b5fb09c4d68b5cdf1912ab0cfb8b15c8af892ed334063c7b2ffdbf14488
                                                                                                    • Instruction Fuzzy Hash: 3C51A07120520A9FCB10CF5AD8C0A8E73A5FF84348720092EE955D7E51EB31E915CBEB
                                                                                                    Function 6C666750 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 172COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C66684A
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C666854
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Xinvalid_argumentstd::_
                                                                                                    • String ID: invalid string position$string too long
                                                                                                    • API String ID: 909987262-4289949731
                                                                                                    • Opcode ID: 60ef726065daa4577106640a94f1bab1ac33f6c97f8b180c5752f531a4edc111
                                                                                                    • Instruction ID: 9a64e9ca5a468667de939f127070edff420b6a22c7c2f760b74ecb4d62b60f7f
                                                                                                    • Opcode Fuzzy Hash: 60ef726065daa4577106640a94f1bab1ac33f6c97f8b180c5752f531a4edc111
                                                                                                    • Instruction Fuzzy Hash: B251DF323052059BD724CF6EF89095AB7F9EF953687100A2EE456C7F50DB30E84487BA
                                                                                                    Function 6C696ADE Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 168COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • _strpbrk.LIBCMT ref: 6C696B2D
                                                                                                    • _free.LIBCMT ref: 6C696C4A
                                                                                                      • Part of subcall function 6C686183: IsProcessorFeaturePresent.KERNEL32(00000017), ref: 6C686185
                                                                                                      • Part of subcall function 6C686183: GetCurrentProcess.KERNEL32(C0000417,00000000,0000010C,6C6722CA), ref: 6C6861A7
                                                                                                      • Part of subcall function 6C686183: TerminateProcess.KERNEL32(00000000), ref: 6C6861AE
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Process$CurrentFeaturePresentProcessorTerminate_free_strpbrk
                                                                                                    • String ID: *?$.
                                                                                                    • API String ID: 2812119850-3972193922
                                                                                                    • Opcode ID: 41fc6043a840425796afd405c4b571990f4f1fc6203f5ab5936051dd2d745751
                                                                                                    • Instruction ID: 35b61926b7b1e1a307673c7b9ee0a41781cf654921f6ed2ebd3b9589e388914e
                                                                                                    • Opcode Fuzzy Hash: 41fc6043a840425796afd405c4b571990f4f1fc6203f5ab5936051dd2d745751
                                                                                                    • Instruction Fuzzy Hash: BD51C475E0420AEFDB04CFA9C880AEDB7F5EF49318F244169E854E7740E771DA058B98
                                                                                                    Function 6C6677C0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 159COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C66793F
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C667949
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Xinvalid_argumentstd::_
                                                                                                    • String ID: invalid string position$string too long
                                                                                                    • API String ID: 909987262-4289949731
                                                                                                    • Opcode ID: 0ed2c641c2aca841e20a0480a9b26b134975f2724868510a6410450708415e23
                                                                                                    • Instruction ID: 21e5a61101da40553289ed5758261c86bf3a2daea547e9074e3b0147904ff129
                                                                                                    • Opcode Fuzzy Hash: 0ed2c641c2aca841e20a0480a9b26b134975f2724868510a6410450708415e23
                                                                                                    • Instruction Fuzzy Hash: 8251B3726012059FD724CE1ED88099A77A6EF95758F200A3EE465CBF81D731EC50CBAB
                                                                                                    Function 6C69530A Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C695463
                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C695478
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                    • String ID: Ril$Ril
                                                                                                    • API String ID: 885266447-3773953928
                                                                                                    • Opcode ID: d3d58660992e09c29a12cf17a1689c376de72d9af0ff1b1adcf9161c74ca0909
                                                                                                    • Instruction ID: 2ec25744029ab2e72dde89a339cf5cd7344b55c72c16468571dac7449c735e96
                                                                                                    • Opcode Fuzzy Hash: d3d58660992e09c29a12cf17a1689c376de72d9af0ff1b1adcf9161c74ca0909
                                                                                                    • Instruction Fuzzy Hash: F051AF31A0020A9FCB04CF99C880E9DBBF2FF85319F19C259E91897761D770D951CB88
                                                                                                    Function 6C675460 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 128COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C673390: Sleep.KERNEL32(00000000), ref: 6C6733D2
                                                                                                    • AcquireSRWLockExclusive.KERNEL32(00000000,00000001,0000000F), ref: 6C675480
                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 6C6754E5
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExclusiveLock$AcquireReleaseSleep
                                                                                                    • String ID: Ofgl$Ofgl
                                                                                                    • API String ID: 190390962-357919264
                                                                                                    • Opcode ID: 978257c80ce7c40075ace533a1567cad5788bc12cf1ce427815b1c0b17bd0a3d
                                                                                                    • Instruction ID: 270fba6eb389924170235f0038defcafb6afb378124b5b1b29ce3fd2df78311f
                                                                                                    • Opcode Fuzzy Hash: 978257c80ce7c40075ace533a1567cad5788bc12cf1ce427815b1c0b17bd0a3d
                                                                                                    • Instruction Fuzzy Hash: 2B419FB1A00705CBE720CFAAD48439ABBF5EF89314F108A7DD419D7B84DB75E9048B98
                                                                                                    Function 6C666910 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 113COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C666A09
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C666A13
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Xinvalid_argumentstd::_
                                                                                                    • String ID: invalid string position$string too long
                                                                                                    • API String ID: 909987262-4289949731
                                                                                                    • Opcode ID: 84ff3b8de95d6bd16a4dd8bb8240c5add9c1402189f83d3d57375c6e39ee5367
                                                                                                    • Instruction ID: 12b159ccb2ec255db428d598f71a6104b971e50c6dd3aa4755b477deb3047a19
                                                                                                    • Opcode Fuzzy Hash: 84ff3b8de95d6bd16a4dd8bb8240c5add9c1402189f83d3d57375c6e39ee5367
                                                                                                    • Instruction Fuzzy Hash: 3C31CB313002159FD7208F5EE880A5AB7A9EFD1758B204B2EF592CBF51D731E85487AA
                                                                                                    Function 6C661F20 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 112fileCOMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • new.LIBCMT ref: 6C661F48
                                                                                                      • Part of subcall function 6C661E30: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 6C661E54
                                                                                                    • CreateFileW.KERNEL32(?,00000004,00000003,00000000,00000004,00000080,00000000), ref: 6C661F81
                                                                                                    • CreateFileW.KERNEL32(?,00000004,00000003,00000000,00000004,00000080,00000000), ref: 6C662032
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: File$Create$ModuleName
                                                                                                    • String ID: debug.log
                                                                                                    • API String ID: 253491666-600467936
                                                                                                    • Opcode ID: 28e42fe31803454d994ff51d9ec9ff4c1d80aeaa33d7f0352419d2e863890dab
                                                                                                    • Instruction ID: 0e5419a42a936810d1df5ba64c719fdda063d52f135c92c2509d702bacd44c7c
                                                                                                    • Opcode Fuzzy Hash: 28e42fe31803454d994ff51d9ec9ff4c1d80aeaa33d7f0352419d2e863890dab
                                                                                                    • Instruction Fuzzy Hash: D441A874A01205ABDF00DFB2DC95BAD77B4AB06308F204115E911EBEE0EBB49919CB5E
                                                                                                    Function 6C675030 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 109COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: Gpgl$ZZgl
                                                                                                    • API String ID: 0-1592740813
                                                                                                    • Opcode ID: dae538ac689afc65d4d0a8ac2eebd5ac58b20c5b3cb7e6c30ae7ab238b0fdbb0
                                                                                                    • Instruction ID: 8ab2235e22005893607879cd018bca994b3fba664a7705a484128de090c95750
                                                                                                    • Opcode Fuzzy Hash: dae538ac689afc65d4d0a8ac2eebd5ac58b20c5b3cb7e6c30ae7ab238b0fdbb0
                                                                                                    • Instruction Fuzzy Hash: 2A418E71A00606DFCB14CF59D88459EF7B6FF85308B148969C506A7B00DB30BA05CBD5
                                                                                                    Function 6C664F30 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 104COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C66501A
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C665024
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Xinvalid_argumentstd::_
                                                                                                    • String ID: invalid string position$string too long
                                                                                                    • API String ID: 909987262-4289949731
                                                                                                    • Opcode ID: 182354ce25e884d8743ac4b6c87c3aeaf14c0b19c99396a7fdfaddb4de9509c9
                                                                                                    • Instruction ID: 1037e1e2934d7de967e280ebbfb52d84bc02f8f737a9022538e5f72cf9c80aa2
                                                                                                    • Opcode Fuzzy Hash: 182354ce25e884d8743ac4b6c87c3aeaf14c0b19c99396a7fdfaddb4de9509c9
                                                                                                    • Instruction Fuzzy Hash: 3831D7323012018FD725CE6EE890E6AB7A5EFD5369B100A2EF551C7F91C371D85087AB
                                                                                                    Function 6C6A4306 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 104fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 6C6A4392
                                                                                                    • DeleteFile , xrefs: 6C6A43C1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DeleteErrorFileLast
                                                                                                    • String ID: DeleteFile $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                                    • API String ID: 2018770650-2174402464
                                                                                                    • Opcode ID: f58e2a49daa761183835ebed023fbf0fac854377ff6745d21c0806ebcd842851
                                                                                                    • Instruction ID: 298bbe57488af5b925bae29a9d7f86ea502123472eca972c545162951cd80a9b
                                                                                                    • Opcode Fuzzy Hash: f58e2a49daa761183835ebed023fbf0fac854377ff6745d21c0806ebcd842851
                                                                                                    • Instruction Fuzzy Hash: F0317471D00209AECF04DFE6EC95FEEB7B8EF05318F104425B511A6A80EF74994ACA5D
                                                                                                    Function 6C6A45DD Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C6A674E: CloseHandle.KERNEL32(000000FF), ref: 6C6A6761
                                                                                                      • Part of subcall function 6C6A674E: GetLastError.KERNEL32(?,00000000), ref: 6C6A677A
                                                                                                    • DeleteFileW.KERNEL32(?), ref: 6C6A4612
                                                                                                    • GetLastError.KERNEL32 ref: 6C6A4631
                                                                                                    Strings
                                                                                                    • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 6C6A463D
                                                                                                    • DeleteFile , xrefs: 6C6A466F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$CloseDeleteFileHandle
                                                                                                    • String ID: DeleteFile $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                                    • API String ID: 1758595503-2174402464
                                                                                                    • Opcode ID: ab9608b2ad0db26d0a938018074f8d48c2db0d8f7c1a399e2c0cae61ba33e18e
                                                                                                    • Instruction ID: cd052a2f434b43d8d1e3ec3ebc101f51fe69ad5e2b49497618064b6f7ce910b9
                                                                                                    • Opcode Fuzzy Hash: ab9608b2ad0db26d0a938018074f8d48c2db0d8f7c1a399e2c0cae61ba33e18e
                                                                                                    • Instruction Fuzzy Hash: 6521B172A01204AADB00CFA6EC45FEE73BCEF46318F10046AE401A7A80DF75AD09C66D
                                                                                                    Function 6C6A69EA Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 76COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __vwprintf_l.LIBCMT ref: 6C6A6A12
                                                                                                    • GetLastError.KERNEL32(?,?,00000000,00000000), ref: 6C6A6A2F
                                                                                                    Strings
                                                                                                    • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 6C6A6A3C
                                                                                                    • CreateFile , xrefs: 6C6A6A6A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast__vwprintf_l
                                                                                                    • String ID: CreateFile $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                                    • API String ID: 3407089876-2132845161
                                                                                                    • Opcode ID: f013eecdb4bc2f9ac0eba1f4bef4861162f132675677ff95bb0be584ff10985a
                                                                                                    • Instruction ID: 8923dacde356d6cb6bad708f1483cbaa5de18460a2f886c029e57eb3044ae51d
                                                                                                    • Opcode Fuzzy Hash: f013eecdb4bc2f9ac0eba1f4bef4861162f132675677ff95bb0be584ff10985a
                                                                                                    • Instruction Fuzzy Hash: 38112731A413086EDB10DFB5DC56FEE73A8DF05328F10051AF915A7AC1EB719D08866D
                                                                                                    Function 6C6A3E20 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 69fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • UnlockFileEx.KERNEL32(?,00000000,?,?,?), ref: 6C6A3E55
                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?,?), ref: 6C6A3E6E
                                                                                                    Strings
                                                                                                    • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 6C6A3E7B
                                                                                                    • UnlockFileEx, xrefs: 6C6A3E8E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastUnlock
                                                                                                    • String ID: UnlockFileEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                                    • API String ID: 3655728120-672186346
                                                                                                    • Opcode ID: 59829762604f748f1c33aaacc6b36f7a698ef7a6818dfc6ef9c27c7285575409
                                                                                                    • Instruction ID: 8b80d9492dad843ee7229a06b5fbb97e66dca0fb4c059aef7c2efc171b3bf728
                                                                                                    • Opcode Fuzzy Hash: 59829762604f748f1c33aaacc6b36f7a698ef7a6818dfc6ef9c27c7285575409
                                                                                                    • Instruction Fuzzy Hash: AC112B315042057EE710DEF5DC51BEBB7B8EB4231CF10097ED255A2D90DB319D0A866D
                                                                                                    Function 6C6A67C4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 62fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LockFileEx.KERNEL32(00000000,00000000,00000000,000000FF,000000FF,?,0000001C,0000001C,00000000), ref: 6C6A67FA
                                                                                                    • GetLastError.KERNEL32 ref: 6C6A6810
                                                                                                    Strings
                                                                                                    • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 6C6A681C
                                                                                                    • LockFileEx, xrefs: 6C6A682F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastLock
                                                                                                    • String ID: LockFileEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                                    • API String ID: 1811722133-1010764315
                                                                                                    • Opcode ID: afdd2464633e1ca0ec32d58f83a3f8e7b7ce2cc1e3c4f876e13f87890b8a8155
                                                                                                    • Instruction ID: 598595613905e676320555be92b23c566f056929ae671fb0b579a14db8550b4f
                                                                                                    • Opcode Fuzzy Hash: afdd2464633e1ca0ec32d58f83a3f8e7b7ce2cc1e3c4f876e13f87890b8a8155
                                                                                                    • Instruction Fuzzy Hash: 4C01497190420539EB109ABADC85BEB776CDF06378F10056AE528F69D0CB32AD4A45BD
                                                                                                    Function 6C6A6AB6 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 61COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 6C6A6AEE
                                                                                                    • GetLastError.KERNEL32 ref: 6C6A6B07
                                                                                                    Strings
                                                                                                    • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 6C6A6B13
                                                                                                    • SetFilePointerEx, xrefs: 6C6A6B26
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                    • String ID: SetFilePointerEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                                    • API String ID: 2976181284-399997206
                                                                                                    • Opcode ID: 89b0c4bfff56f7903ad87b250894c13bc4d7a070ad9eeb091ee6ad7d62c00771
                                                                                                    • Instruction ID: 3b4a53ab15178f3e2f5d9231c3031c8f4aa00903e666e3e56b5cfa692fd374b1
                                                                                                    • Opcode Fuzzy Hash: 89b0c4bfff56f7903ad87b250894c13bc4d7a070ad9eeb091ee6ad7d62c00771
                                                                                                    • Instruction Fuzzy Hash: B6110831640105ABDB048EFDDC46FEE7769EB06358F104259F625D7DC1D631DD258A1C
                                                                                                    Function 6C6A0518 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 57COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CanOfferRelaunch.GCAPI(?,?,?,?), ref: 6C6A052C
                                                                                                      • Part of subcall function 6C673FC0: RegCreateKeyExW.ADVAPI32(00000202,?,00000000,00000000,00000000,?,00000000,?), ref: 6C673FFA
                                                                                                      • Part of subcall function 6C673FC0: RegCloseKey.ADVAPI32 ref: 6C67400D
                                                                                                      • Part of subcall function 6C6743A0: RegSetValueExW.ADVAPI32 ref: 6C6743E1
                                                                                                      • Part of subcall function 6C69F147: GetLocalTime.KERNEL32(?), ref: 6C69F15F
                                                                                                      • Part of subcall function 6C674370: RegSetValueExW.ADVAPI32 ref: 6C674390
                                                                                                    Strings
                                                                                                    • Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}, xrefs: 6C6A0542
                                                                                                    • RelaunchAllowedAfter, xrefs: 6C6A0575
                                                                                                    • RelaunchBrandcode, xrefs: 6C6A055E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Value$CloseCreateLocalOfferRelaunchTime
                                                                                                    • String ID: RelaunchAllowedAfter$RelaunchBrandcode$Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
                                                                                                    • API String ID: 4093175577-67220017
                                                                                                    • Opcode ID: 04dc5a7b95d3d57418b662ac05535ac8ed091f5c7dfdd839ab99914080a69547
                                                                                                    • Instruction ID: eb590bc749d0eb0facf2c89cdd58b7d56410bcd7dad02af14c9d77e548f0d0d5
                                                                                                    • Opcode Fuzzy Hash: 04dc5a7b95d3d57418b662ac05535ac8ed091f5c7dfdd839ab99914080a69547
                                                                                                    • Instruction Fuzzy Hash: EE11A531500216ABDB149EE1ED00ADF7B749F06358F104515FE12A6950EB71DD26CBED
                                                                                                    Function 6C6A6C33 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 54fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • UnlockFileEx.KERNEL32(000000FF,00000000,000000FF,000000FF,?,00000000,00000000), ref: 6C6A6C5B
                                                                                                    • GetLastError.KERNEL32 ref: 6C6A6C72
                                                                                                    Strings
                                                                                                    • UnlockFileEx, xrefs: 6C6A6C92
                                                                                                    • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 6C6A6C7F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastUnlock
                                                                                                    • String ID: UnlockFileEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                                    • API String ID: 3655728120-168028389
                                                                                                    • Opcode ID: 3345b196647f4f5c046c4f3abd6910c6b1e5c6d2d783e768cfeecc8afb43c7c7
                                                                                                    • Instruction ID: fdb9b2129e0bbaf7ee5414abeec73eb5a2410334e5b84a3bccae2933b6de92b2
                                                                                                    • Opcode Fuzzy Hash: 3345b196647f4f5c046c4f3abd6910c6b1e5c6d2d783e768cfeecc8afb43c7c7
                                                                                                    • Instruction Fuzzy Hash: BB012B319042053AEB008FF9DC42FEAB36CDB0632CF10066AE525F6ED1DB31AD4A456E
                                                                                                    Function 6C682F01 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 6C682F2F
                                                                                                    • ___FrameUnwindToState.LIBVCRUNTIME ref: 6C682F41
                                                                                                    • CallCatchBlock.LIBVCRUNTIME ref: 6C682F65
                                                                                                      • Part of subcall function 6C683549: ___AdjustPointer.LIBCMT ref: 6C683596
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Unwind$AdjustBlockCallCatchFrameFramesNestedPointerState
                                                                                                    • String ID: &3hl
                                                                                                    • API String ID: 4287930071-1796258027
                                                                                                    • Opcode ID: fa58f82d3c1954d7f4a288f043c0d815a92d5387328e534f610f396ef617e9ab
                                                                                                    • Instruction ID: cd709fba4cc85afc2836d11b6a55b915e831c4ac670ebd2355317976b4a8edc7
                                                                                                    • Opcode Fuzzy Hash: fa58f82d3c1954d7f4a288f043c0d815a92d5387328e534f610f396ef617e9ab
                                                                                                    • Instruction Fuzzy Hash: 9D01E572001149BBCF125F55CC08EDA3BBAFF4E758F154114FE5866620C772E865EBA8
                                                                                                    Function 6C690D37 Relevance: 6.3, APIs: 4, Instructions: 305COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __alldvrm$_strrchr
                                                                                                    • String ID:
                                                                                                    • API String ID: 1036877536-0
                                                                                                    • Opcode ID: 08bbd95e0c94314e88f8ac9cb1697bb445864f1c51da791db5baa43eeec002dc
                                                                                                    • Instruction ID: 85db102abdf12f9272879ec48d8e8fe543f958416fc0d61d96af786fde743451
                                                                                                    • Opcode Fuzzy Hash: 08bbd95e0c94314e88f8ac9cb1697bb445864f1c51da791db5baa43eeec002dc
                                                                                                    • Instruction Fuzzy Hash: EAA16832A053C79FE711CF18C8907AEBBE5EF1A358F1442ADD9859BB81C7348986C758
                                                                                                    Function 6C662400 Relevance: 6.2, APIs: 4, Instructions: 154fileCOMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • OutputDebugStringA.KERNEL32(?), ref: 6C662481
                                                                                                    • WriteFile.KERNEL32(?,?,?,00000000), ref: 6C6624FF
                                                                                                    • SetLastError.KERNEL32(?,?,00000000), ref: 6C6625AF
                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 6C6625C6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DebugErrorFileIos_base_dtorLastOutputStringWritestd::ios_base::_
                                                                                                    • String ID:
                                                                                                    • API String ID: 3426912829-0
                                                                                                    • Opcode ID: 901e449ccd1b76f1e9803ae8603d1a42816f191e15e2fc5a08f290f6fda08f70
                                                                                                    • Instruction ID: f1250309f283d6b2b2eac2f2ab0a7485ef0e1b9e230ada673862ed98223b52ef
                                                                                                    • Opcode Fuzzy Hash: 901e449ccd1b76f1e9803ae8603d1a42816f191e15e2fc5a08f290f6fda08f70
                                                                                                    • Instruction Fuzzy Hash: BE51A0B16043019BDB10CF56C889A9A77F8FF46308F40082CF99596A91D771E958CBAF
                                                                                                    Function 6C69DBFC Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free
                                                                                                    • String ID:
                                                                                                    • API String ID: 269201875-0
                                                                                                    • Opcode ID: 4524d88bf8f03c7d2f8f5086f4c6bccc20af7b26806faf5250d52f84b2442682
                                                                                                    • Instruction ID: b1b375a07339c8779a56be49fd2a2a4f6e290e0dd78375692b06b48e543c8c4c
                                                                                                    • Opcode Fuzzy Hash: 4524d88bf8f03c7d2f8f5086f4c6bccc20af7b26806faf5250d52f84b2442682
                                                                                                    • Instruction Fuzzy Hash: 1A410431A02506ABD7115EB98C44AEE3AA9EF4377CF140635F818D6BD0DBB48849876E
                                                                                                    Function 6C68FE76 Relevance: 6.1, APIs: 4, Instructions: 133COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2a364e97d63ad2205fab7e184eb5bf24a14a448880fdb1e228c5ddea3591edca
                                                                                                    • Instruction ID: d6ae397c0c7636653c452915b7022448537df657b96fafb9f14cc6cd524b725e
                                                                                                    • Opcode Fuzzy Hash: 2a364e97d63ad2205fab7e184eb5bf24a14a448880fdb1e228c5ddea3591edca
                                                                                                    • Instruction Fuzzy Hash: 51414972601744BFD3148F7CCC04B9ABBB9EB8A714F108A6AE141DBF81D771990587A9
                                                                                                    Function 6C694BE8 Relevance: 6.1, APIs: 4, Instructions: 110COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000000,08A8C445,00000008,00000000,00000000,6C6700E9,00000000,-00000018,?,00000001,00000008,08A8C445,00000001,6C6700E9,00000001), ref: 6C694C35
                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6C694CBE
                                                                                                    • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6C694CD0
                                                                                                    • __freea.LIBCMT ref: 6C694CD9
                                                                                                      • Part of subcall function 6C68C844: HeapAlloc.KERNEL32(00000000,0000010C,00000004,?,6C68C8A7,?,00000000,?,6C697B70,0000010C,00000004,?,0000010C,?,?,6C68DB9D), ref: 6C68C876
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide$AllocHeapStringType__freea
                                                                                                    • String ID:
                                                                                                    • API String ID: 573072132-0
                                                                                                    • Opcode ID: c2c68318182bcb8e0aa61bc6dbde073eb24af4571fce471b059383c807a16a3c
                                                                                                    • Instruction ID: 1f0e503230f82181ed511283f75c416981705ea8344cba9d81ff810cd4e9db09
                                                                                                    • Opcode Fuzzy Hash: c2c68318182bcb8e0aa61bc6dbde073eb24af4571fce471b059383c807a16a3c
                                                                                                    • Instruction Fuzzy Hash: 98319C72A0120AAFDF158FA5DC80DFE3BA5EF41318F114229EC24E6640E735D964CBA8
                                                                                                    Function 6C672EE0 Relevance: 6.1, APIs: 4, Instructions: 78timeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?,00000001,?,?,?,?,?,?,?,6C6A0690), ref: 6C672F5B
                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,6C6A0690), ref: 6C672F6F
                                                                                                    • SystemTimeToFileTime.KERNEL32(?,00000001,00000001,?,?,?,?,?,?,?,6C6A0690), ref: 6C672F83
                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C672FBD
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Time$System$File$LocalSpecificUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                    • String ID:
                                                                                                    • API String ID: 1393065386-0
                                                                                                    • Opcode ID: be49a3ed200b20d8ed09873862b3ab544ee088d57adde2b5c1582370f9461b31
                                                                                                    • Instruction ID: ac4442ee6788862db13a09284651b911f3f0dc852e9a5a4c34e3557a810d22ac
                                                                                                    • Opcode Fuzzy Hash: be49a3ed200b20d8ed09873862b3ab544ee088d57adde2b5c1582370f9461b31
                                                                                                    • Instruction Fuzzy Hash: CF314779218345DBC710CF61C840B6BB7E8BF49708F10890EF899C7290E739D949DBAA
                                                                                                    Function 6C68D7C8 Relevance: 6.1, APIs: 4, Instructions: 63COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 850974b1815bcd3b8340705e8e73f32d63ab9821f6ef7440ac20af03afbf812f
                                                                                                    • Instruction ID: d14ebbcd642dc0e87636efe3aac7d21c3cc57aacb0d045ef6187f2a8dd397473
                                                                                                    • Opcode Fuzzy Hash: 850974b1815bcd3b8340705e8e73f32d63ab9821f6ef7440ac20af03afbf812f
                                                                                                    • Instruction Fuzzy Hash: 0C017CF270B6177EFA1015B96CC0FAB222DEB927BCB640726B121616C4DB609C44857C
                                                                                                    Function 6C6813D5 Relevance: 6.1, APIs: 4, Instructions: 53timethreadCOMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(00000000,00000000,00000000), ref: 6C681409
                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C681418
                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 6C681421
                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 6C68142E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 2933794660-0
                                                                                                    • Opcode ID: 61a687bc701530ca5ce567ae83a2db0b5e43b0ac5a249beeeed877a1b8d34bc9
                                                                                                    • Instruction ID: 04ea4d08b136d90aa9788e85e78d4af48b158c8a612dc8259763698fdc709964
                                                                                                    • Opcode Fuzzy Hash: 61a687bc701530ca5ce567ae83a2db0b5e43b0ac5a249beeeed877a1b8d34bc9
                                                                                                    • Instruction Fuzzy Hash: 07115E75E06108DBDF04CFBAD5846AEB7B4EF09315F61456AD417DB240DA309A40CB68
                                                                                                    Function 6C6A6D68 Relevance: 6.0, APIs: 4, Instructions: 48fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • ReadFile.KERNEL32(00000028,00000000,0000001C,0000001C,00000000), ref: 6C6A6D8A
                                                                                                    • GetLastError.KERNEL32(?,?,6C6A60D0,0000001C,00000000,00000028), ref: 6C6A6D94
                                                                                                    • GetLastError.KERNEL32(?,?,6C6A60D0,0000001C,00000000,00000028), ref: 6C6A6D9F
                                                                                                    • GetFileType.KERNEL32 ref: 6C6A6DBB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLast$ReadType
                                                                                                    • String ID:
                                                                                                    • API String ID: 2855922492-0
                                                                                                    • Opcode ID: ad04802900482f99bad76677e270bd4e1a00986d59183c47ee7467be3291cf01
                                                                                                    • Instruction ID: ea37de5f27b21d1338c38acb49771bef8938ed39fe528274cfe594c0d7e49fdf
                                                                                                    • Opcode Fuzzy Hash: ad04802900482f99bad76677e270bd4e1a00986d59183c47ee7467be3291cf01
                                                                                                    • Instruction Fuzzy Hash: B301A231301119ABDB00AEEEDC85B9E37F9FB023E9F140225F814D7551D730EC124AA8
                                                                                                    Function 6C6725C0 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e9497407c361fa0e5cdba83c1c808aa0bd6f632a9449a5baa6c9db17d36afeda
                                                                                                    • Instruction ID: ee0bf6c1c6ba37a73ea94a832275b8c033f89c8825e198de5169c23c0be78b54
                                                                                                    • Opcode Fuzzy Hash: e9497407c361fa0e5cdba83c1c808aa0bd6f632a9449a5baa6c9db17d36afeda
                                                                                                    • Instruction Fuzzy Hash: E0F0E9B150620487A6349BB44525E9E33A84F1136C7100F3BEA16C6F83FB21E5D981BE
                                                                                                    Function 6C670640 Relevance: 6.0, APIs: 4, Instructions: 47COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fae71b4869ae569bafac289f6a09a1d21ff0609c13e63d45931af16e1a68b08f
                                                                                                    • Instruction ID: 7002587ff0924948d8c7ff908495e448945aeb9316d4f58d37a7e5864e2ca8e0
                                                                                                    • Opcode Fuzzy Hash: fae71b4869ae569bafac289f6a09a1d21ff0609c13e63d45931af16e1a68b08f
                                                                                                    • Instruction Fuzzy Hash: 83F09EF141328056A72497704570E9E32A84F8235CB600F39F62AC6F41EF22E69881BF
                                                                                                    Function 6C66D3D0 Relevance: 6.0, APIs: 4, Instructions: 47COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 19b66c6cea623c4ce6e82e1a1a5c1cb39f330c3bcc8957baa14ce12d8e58302c
                                                                                                    • Instruction ID: 0f9cdb8cdc1b434c829353a64c9723789bae3b2aae06fb7ba174090328e0c3e4
                                                                                                    • Opcode Fuzzy Hash: 19b66c6cea623c4ce6e82e1a1a5c1cb39f330c3bcc8957baa14ce12d8e58302c
                                                                                                    • Instruction Fuzzy Hash: 77F059B140220406A61487B64510E9F72684F0236C770073AE616C3F41EF60F95981AF
                                                                                                    Function 6C670D70 Relevance: 6.0, APIs: 4, Instructions: 45COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a3b9674a052d906bc40769fbd11e90ff7402c1ad619f96228d6ceedf274cac0c
                                                                                                    • Instruction ID: 64371661178c167147029a4760341bad0c499a8bb09e49014d6b4c262b3d2c49
                                                                                                    • Opcode Fuzzy Hash: a3b9674a052d906bc40769fbd11e90ff7402c1ad619f96228d6ceedf274cac0c
                                                                                                    • Instruction Fuzzy Hash: A2F0B4B55073844AE62487B88660FDF32E84F1135C7500A3AE916C6E15EF62F99882BE
                                                                                                    Function 6C66B020 Relevance: 6.0, APIs: 4, Instructions: 45COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 15c0b58c902f026745a66fbe5b3f6f91989226b873c08466af165a5806f21b42
                                                                                                    • Instruction ID: 70f5685ee2681739a0cf9f6c4b6ceba980a66051fdb29bfcc78c5814fe7d1689
                                                                                                    • Opcode Fuzzy Hash: 15c0b58c902f026745a66fbe5b3f6f91989226b873c08466af165a5806f21b42
                                                                                                    • Instruction Fuzzy Hash: 54F02B75002104DAA61487B64511E9E76E88F9135C710023AF565C7E11EF60E55CD2AF
                                                                                                    Function 6C6A674E Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 43COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 6C6A6761
                                                                                                    • GetLastError.KERNEL32(?,00000000), ref: 6C6A677A
                                                                                                    Strings
                                                                                                    • CloseHandle, xrefs: 6C6A679A
                                                                                                    • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 6C6A6787
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseErrorHandleLast
                                                                                                    • String ID: CloseHandle$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                                    • API String ID: 918212764-2138661059
                                                                                                    • Opcode ID: 69a495bb04129c63fbe2ce46b5e10238716e08d2e839aadafab084c8bdd12d4d
                                                                                                    • Instruction ID: f2e38751b8866dda0dbb6d2362385bf6b5974bda765f991999fd6ec84f258b83
                                                                                                    • Opcode Fuzzy Hash: 69a495bb04129c63fbe2ce46b5e10238716e08d2e839aadafab084c8bdd12d4d
                                                                                                    • Instruction Fuzzy Hash: 86F08B7180031166DB216AB5EC0AFDA7318CF023A8F10485AEC04BAEC2DB31CC08468E
                                                                                                    Function 6C664B40 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 204COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C664BF6
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C664C00
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Xinvalid_argumentstd::_
                                                                                                    • String ID: string too long
                                                                                                    • API String ID: 909987262-2556327735
                                                                                                    • Opcode ID: b197292970e6c8064eaf6f9e60785e8bb4840b4fe4bf28976a204e842d04ffc3
                                                                                                    • Instruction ID: 43e8410a4a0ab59e2ff8ef9d5cb59c33235b803dc1444d66d9a6b241a8775dec
                                                                                                    • Opcode Fuzzy Hash: b197292970e6c8064eaf6f9e60785e8bb4840b4fe4bf28976a204e842d04ffc3
                                                                                                    • Instruction Fuzzy Hash: E551EA333056505BD321C96EE890A7AF7E9EB92768B10092BE591C7F91C7B1D84483AB
                                                                                                    Function 6C68C99D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __startOneArgErrorHandling.LIBCMT ref: 6C68CA2D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorHandling__start
                                                                                                    • String ID: pow
                                                                                                    • API String ID: 3213639722-2276729525
                                                                                                    • Opcode ID: c0a3554a7123e5bbb0be6d2317ed7519d90b29172de038d925d854ba0eee7aa4
                                                                                                    • Instruction ID: 4d3d0adcd210d709a544cc0109f623ea134093ef682b74ddf17eed2b044c2331
                                                                                                    • Opcode Fuzzy Hash: c0a3554a7123e5bbb0be6d2317ed7519d90b29172de038d925d854ba0eee7aa4
                                                                                                    • Instruction Fuzzy Hash: F6516F71B0B703E6CB01BA14C55039A7BB49B41B98F204F59E0A3C5E98EF39C49996DF
                                                                                                    Function 6C6662E0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 158COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: invalid string position$string too long
                                                                                                    • API String ID: 0-4289949731
                                                                                                    • Opcode ID: 5878153dfff5f2b8e8c7e12ad072596b06e2996394e7a25418c2239c09372141
                                                                                                    • Instruction ID: 5c05ce51e54035c628e67ad5a37f4945c19526ec8a6cb910ccb6d5993d89aea2
                                                                                                    • Opcode Fuzzy Hash: 5878153dfff5f2b8e8c7e12ad072596b06e2996394e7a25418c2239c09372141
                                                                                                    • Instruction Fuzzy Hash: 0E41B6323042504BD3209E5EF840A5AF7E9EFA1765F10493FE691DBE51D7B1D80487EA
                                                                                                    Function 6C66F170 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 132COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: invalid string position$string too long
                                                                                                    • API String ID: 0-4289949731
                                                                                                    • Opcode ID: ccb08e12a9bad61c3ec89259f1645d690b514939f6474eaa5116c2e581a278e3
                                                                                                    • Instruction ID: 21992501708d197f6d2bcf1cbb5a32e59bac1ae7a4f736cebc926c4840f93fe0
                                                                                                    • Opcode Fuzzy Hash: ccb08e12a9bad61c3ec89259f1645d690b514939f6474eaa5116c2e581a278e3
                                                                                                    • Instruction Fuzzy Hash: 5941C2357052059BC720CF9EDC90E9AB7AAFF85758310092EE550CBE54DB30E8568BAB
                                                                                                    Function 6C69FCD5 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 129COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GoogleChromeDaysSinceLastRun.GCAPI ref: 6C69FDBB
                                                                                                    Strings
                                                                                                    • Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}, xrefs: 6C69FDDE
                                                                                                    • RelaunchAllowedAfter, xrefs: 6C69FDF8
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ChromeDaysGoogleLastSince
                                                                                                    • String ID: RelaunchAllowedAfter$Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
                                                                                                    • API String ID: 2052684696-26780984
                                                                                                    • Opcode ID: 3e3662db9772daece0440c5a9512752ed313e7121a14e8968caf8a19142f45b7
                                                                                                    • Instruction ID: 940dafaaa9359c11182033a01e703d7c897c116f54128cd5df882a9f5ca20c47
                                                                                                    • Opcode Fuzzy Hash: 3e3662db9772daece0440c5a9512752ed313e7121a14e8968caf8a19142f45b7
                                                                                                    • Instruction Fuzzy Hash: B741B93190121BAADB10DFA4D854BEE73F4AF0271CF220519F850A7991EB71D94A8BDF
                                                                                                    Function 6C6A4ADC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: dmp$reports
                                                                                                    • API String ID: 0-1316949204
                                                                                                    • Opcode ID: 3d0d75de11f740cb93bed92b3ea2c84a75ac579eb51ae7e20824eda43315acfd
                                                                                                    • Instruction ID: 15617a17fd5c26a7a5744cc45a20642761213b700e828ddc053423cf3f6488d9
                                                                                                    • Opcode Fuzzy Hash: 3d0d75de11f740cb93bed92b3ea2c84a75ac579eb51ae7e20824eda43315acfd
                                                                                                    • Instruction Fuzzy Hash: 2A41A5719012086BCB14DFA5DC90EEEB7A9EF46308F104569E505E7B80DF709D0A8BAD
                                                                                                    Function 6C664D29 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 122COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C664E2C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Xinvalid_argumentstd::_
                                                                                                    • String ID: invalid string position$string too long
                                                                                                    • API String ID: 909987262-4289949731
                                                                                                    • Opcode ID: 9c7962a22f3f6ea2b120f5a1c840e861b92450828902cf519ed844a14755f729
                                                                                                    • Instruction ID: 284fb7f7007ce6b4fafa7e97fa489d84bac9ec8dfd6b50fc74c043aa7fb7f9f9
                                                                                                    • Opcode Fuzzy Hash: 9c7962a22f3f6ea2b120f5a1c840e861b92450828902cf519ed844a14755f729
                                                                                                    • Instruction Fuzzy Hash: FE31B2323042508BD321CE6DE850BAAF7E5EB91B69F100A2FD151CBE81D7B1D85187AB
                                                                                                    Function 6C664970 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 121COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C664A86
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Xinvalid_argumentstd::_
                                                                                                    • String ID: invalid string position$string too long
                                                                                                    • API String ID: 909987262-4289949731
                                                                                                    • Opcode ID: 98676927395c38ad6e701ff3c0f94a542dff78ef4ea52f58820418357de37417
                                                                                                    • Instruction ID: d12626e5053cd174d4b2c2d494b8a794a54dd0f2eadf58220d6ec64e9c5f4b2b
                                                                                                    • Opcode Fuzzy Hash: 98676927395c38ad6e701ff3c0f94a542dff78ef4ea52f58820418357de37417
                                                                                                    • Instruction Fuzzy Hash: FE31B0323052149B8320DF6EE89086BB3E6FFD47593100A2EE556D7E14EB71E81487AE
                                                                                                    Function 6C670A20 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 121COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C670B4C
                                                                                                      • Part of subcall function 6C67FC11: std::invalid_argument::invalid_argument.LIBCONCRT ref: 6C67FC1D
                                                                                                      • Part of subcall function 6C67FC11: __CxxThrowException@8.LIBVCRUNTIME ref: 6C67FC2B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Exception@8ThrowXinvalid_argumentstd::_std::invalid_argument::invalid_argument
                                                                                                    • String ID: ,$vector<T> too long
                                                                                                    • API String ID: 1419379543-2403322092
                                                                                                    • Opcode ID: a314d56590f7ba6bb533c63152c12a466780819ffd07faea212a2d3c605522e2
                                                                                                    • Instruction ID: 4b9e4c660ad55262758a53d139dc533d0e596b758c8ee2bd1305c50f846ca755
                                                                                                    • Opcode Fuzzy Hash: a314d56590f7ba6bb533c63152c12a466780819ffd07faea212a2d3c605522e2
                                                                                                    • Instruction Fuzzy Hash: 03311331E011489BDF20DFA8C8C0AEEF775EF09308F144929E815A7741C772A958C7B9
                                                                                                    Function 6C66A660 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C66A70A
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C66A714
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Xinvalid_argumentstd::_
                                                                                                    • String ID: string too long
                                                                                                    • API String ID: 909987262-2556327735
                                                                                                    • Opcode ID: 37be5ab6ae483009dcdcc8d4dae6b54713bbb4ea887113ba2b081bdecc444a22
                                                                                                    • Instruction ID: 7376d9d8919617339d092de3859dd3022906d04f063fe42951c1ca21cb5e4c61
                                                                                                    • Opcode Fuzzy Hash: 37be5ab6ae483009dcdcc8d4dae6b54713bbb4ea887113ba2b081bdecc444a22
                                                                                                    • Instruction Fuzzy Hash: 1611E4323182204B47205E6EF88085AF3EAFFE57653100A2FE152C7E61DB21A80487AE
                                                                                                    Function 6C69F056 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetClassNameW.USER32(?,?,00000104), ref: 6C69F0B2
                                                                                                    • SetWindowPos.USER32(?,?,?,?,?,?,?), ref: 6C69F105
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ClassNameWindow
                                                                                                    • String ID: Chrome_WidgetWin_
                                                                                                    • API String ID: 697123166-524248775
                                                                                                    • Opcode ID: 4bd0e8762819465dee11e1ee422a8496d5be453b0f0d66d2884734a384abcc5d
                                                                                                    • Instruction ID: c8635b185d311a2f28602709400580caf1053e77a6a252f6068c2d7e14099648
                                                                                                    • Opcode Fuzzy Hash: 4bd0e8762819465dee11e1ee422a8496d5be453b0f0d66d2884734a384abcc5d
                                                                                                    • Instruction Fuzzy Hash: FA21B1B1A00209BBCB14CF61DC84FDAB7B8FF25304F104659B519E3941E771EA98CBA9
                                                                                                    Function 6C6A134D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77comCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CoCreateInstance.OLE32(6C6B8238,00000000,00000001,6C6B6804,00000000), ref: 6C6A136D
                                                                                                      • Part of subcall function 6C67C8D0: SysAllocString.OLEAUT32(?), ref: 6C67C8D9
                                                                                                      • Part of subcall function 6C67C8F0: SysFreeString.OLEAUT32(?), ref: 6C67C8F2
                                                                                                    • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 6C6A13BE
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: String$AllocBlanketCreateFreeInstanceProxy
                                                                                                    • String ID: ROOT\CIMV2
                                                                                                    • API String ID: 2036101689-2786109267
                                                                                                    • Opcode ID: 0ec3b8bd1c0e8dab5ffd3c1ea239cbf7340458591e975a6b216806053c1ca401
                                                                                                    • Instruction ID: b606e5f4348f24b55a52a88338ad581534907be76a31658891be2e95294c1587
                                                                                                    • Opcode Fuzzy Hash: 0ec3b8bd1c0e8dab5ffd3c1ea239cbf7340458591e975a6b216806053c1ca401
                                                                                                    • Instruction Fuzzy Hash: DA215E70A01208FFDB14DFE1C880EAEBBBCEF45748F1045A9A915AB640D771DE06DB64
                                                                                                    Function 6C672860 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Xinvalid_argumentstd::_
                                                                                                    • String ID: list<T> too long
                                                                                                    • API String ID: 909987262-4027344264
                                                                                                    • Opcode ID: 48d37805fbb8fa655550429deafe608f19f0fee4e14e4ec148be46883dc5e674
                                                                                                    • Instruction ID: cc07b4bd6089f224fe7fc631af10a0ad0f63599a8eddc97626cb95e9806aefed
                                                                                                    • Opcode Fuzzy Hash: 48d37805fbb8fa655550429deafe608f19f0fee4e14e4ec148be46883dc5e674
                                                                                                    • Instruction Fuzzy Hash: EC119176A01219DBDB10CF58C540989F7F5EF89714B25896ADD08AB700D731ED09CBA5
                                                                                                    Function 6C67C700 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Xinvalid_argumentstd::_
                                                                                                    • String ID: list<T> too long
                                                                                                    • API String ID: 909987262-4027344264
                                                                                                    • Opcode ID: 691fa8f28ff799e2ea483df267f5b5e2aac1203ea075043e2b6cef30e724fbcf
                                                                                                    • Instruction ID: c1a91c2fa87afd2631c95d9ca80cdf424f06b2063dd2dc969153827110df6e18
                                                                                                    • Opcode Fuzzy Hash: 691fa8f28ff799e2ea483df267f5b5e2aac1203ea075043e2b6cef30e724fbcf
                                                                                                    • Instruction Fuzzy Hash: FE11CEB5A02205EFC724CF68D540A86B7F8FF09304B2889A9E909DB701D771ED41CBE8
                                                                                                    Function 6C66A5C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C66A64E
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C66A658
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Xinvalid_argumentstd::_
                                                                                                    • String ID: string too long
                                                                                                    • API String ID: 909987262-2556327735
                                                                                                    • Opcode ID: a219176081df872ad4191aab3d8006f9b7fa80aa9953dc9cd3ee0b758fcde79e
                                                                                                    • Instruction ID: 7691e934af6f0cf56d1ad718aab15af2aa25409d2d49a8e0f84b74dea3a4da03
                                                                                                    • Opcode Fuzzy Hash: a219176081df872ad4191aab3d8006f9b7fa80aa9953dc9cd3ee0b758fcde79e
                                                                                                    • Instruction Fuzzy Hash: 5F1106323083205A87305E5EF84085AB7A9FFE57757110A2FE596C7E61DB31E41487AF
                                                                                                    Function 6C673290 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • QueryPerformanceFrequency.KERNEL32(?), ref: 6C6732AE
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FrequencyPerformanceQuery
                                                                                                    • String ID: AuthenticAMD$n3gl
                                                                                                    • API String ID: 4204123506-2730714810
                                                                                                    • Opcode ID: bfd1aea84acdf19e63ad611410f02c32097bb289af33a03da242f079c1a59c7e
                                                                                                    • Instruction ID: a7f7d63b0660b0a1a6a010d3e7e2a87a32b0d8c1e5765566d3fb573dfb3adda5
                                                                                                    • Opcode Fuzzy Hash: bfd1aea84acdf19e63ad611410f02c32097bb289af33a03da242f079c1a59c7e
                                                                                                    • Instruction Fuzzy Hash: C2219875D052189BDF20DF95C8416DDBBB5FF06308F204A29D414BBA50EB309984CBAD
                                                                                                    Function 6C67D170 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 6C67D184
                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 6C67D195
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                    • String ID: kernel32.dll
                                                                                                    • API String ID: 1646373207-1793498882
                                                                                                    • Opcode ID: 937a5ae2a8637532837f68a0c3eb677bd5214fa3fa685d8521d81719a8e652e0
                                                                                                    • Instruction ID: 357c2a2d52f2dbbd838cd3b9dd4f4775dc0e2737546412fcb437e59f653dbcd9
                                                                                                    • Opcode Fuzzy Hash: 937a5ae2a8637532837f68a0c3eb677bd5214fa3fa685d8521d81719a8e652e0
                                                                                                    • Instruction Fuzzy Hash: 3B018471A02209BAEF209E99DC44BEE7BBCEB85758F200896EC04D3140DB70D615CF79
                                                                                                    Function 6C6A6411 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 55COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • UuidCreate.RPCRT4(?), ref: 6C6A6431
                                                                                                      • Part of subcall function 6C662340: GetLastError.KERNEL32(?,00000000), ref: 6C6623D6
                                                                                                    Strings
                                                                                                    • UuidCreate, xrefs: 6C6A645F
                                                                                                    • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\misc\uuid.cc, xrefs: 6C6A644B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateErrorLastUuid
                                                                                                    • String ID: UuidCreate$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\misc\uuid.cc
                                                                                                    • API String ID: 3740028514-535133227
                                                                                                    • Opcode ID: 091895056f1abe5628e943a1c53ee6ea466d3f3e9c6f849a37eb3be67f0f2367
                                                                                                    • Instruction ID: a2ad84b2e732a67efa7acaa1c8b724fc87b6685c9ada4d3d6ad7244fe5b9d06f
                                                                                                    • Opcode Fuzzy Hash: 091895056f1abe5628e943a1c53ee6ea466d3f3e9c6f849a37eb3be67f0f2367
                                                                                                    • Instruction Fuzzy Hash: 770128756052045EDB00DFA8EC41BEE73A8DF03308F104459E805B7A81CE72AD0E86AC
                                                                                                    Function 6C6941DC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 2jl$phl
                                                                                                    • API String ID: 0-1354828142
                                                                                                    • Opcode ID: 4adbb6ee9389797ef3e385642a753369eece6e440358187ce7aca49f4701b48d
                                                                                                    • Instruction ID: 446b69974167176d28ec2f7531e74d5f3d660b048cf877a101500044d8dfb8bb
                                                                                                    • Opcode Fuzzy Hash: 4adbb6ee9389797ef3e385642a753369eece6e440358187ce7aca49f4701b48d
                                                                                                    • Instruction Fuzzy Hash: E9F0BB3521814ABADB149BD5C850AF973F8EF04704F40416AFD69CB980F6B4CE51D36E
                                                                                                    Function 6C68D66F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free
                                                                                                    • String ID: )L
                                                                                                    • API String ID: 269201875-3743221452
                                                                                                    • Opcode ID: b107aa67c77f137cb2a3f91db5752055d473d47085ad26552bc5c5d95f443884
                                                                                                    • Instruction ID: 75df0886136d3760aeb45762df205d4cb1be4ffebfd48c823f8d965111e87663
                                                                                                    • Opcode Fuzzy Hash: b107aa67c77f137cb2a3f91db5752055d473d47085ad26552bc5c5d95f443884
                                                                                                    • Instruction Fuzzy Hash: 65E0E522747C2620E661323B2C00BDB06694FC373CF110327F428A6AC8DF70458E51BE
                                                                                                    Function 6C664D10 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C664E2C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Xinvalid_argumentstd::_
                                                                                                    • String ID: invalid string position$string too long
                                                                                                    • API String ID: 909987262-4289949731
                                                                                                    • Opcode ID: cdf32a26912e4d007ee43e6904d4eff207718c5783f787fdabbab465944118d4
                                                                                                    • Instruction ID: e9b3de342c1661fd550c86bd930aca9e4bf072ff54927f2e2974447b9c889d1c
                                                                                                    • Opcode Fuzzy Hash: cdf32a26912e4d007ee43e6904d4eff207718c5783f787fdabbab465944118d4
                                                                                                    • Instruction Fuzzy Hash: 66D05E7410010A3B06249B9ADCD0C8F729D5F1E2A47004C16FE04A7E96EA70D8204F7F
                                                                                                    Function 6C6970A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetOEMCP.KERNEL32(00000000,6C697329,?,?,?), ref: 6C6970CB
                                                                                                    • GetACP.KERNEL32(00000000,6C697329,?,?,?), ref: 6C6970E2
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: )sil
                                                                                                    • API String ID: 0-1525814332
                                                                                                    • Opcode ID: 19d9001aee45ea8ab3c8bdfe96959b1604c6ee6700e712d7e773a3a9c55f3830
                                                                                                    • Instruction ID: e4bc90863382e164d1b828773cae5ff1c02620f6e3887c06a2be07c9e9c1c80a
                                                                                                    • Opcode Fuzzy Hash: 19d9001aee45ea8ab3c8bdfe96959b1604c6ee6700e712d7e773a3a9c55f3830
                                                                                                    • Instruction Fuzzy Hash: 6DF068706092498FDB10DB59C4887AC77F4AB06339F140384E934465D1C7B27994CB8E
                                                                                                    Function 6C685124 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,"Rhl,00000001,00000000,?,6C685222,?,?,00000104), ref: 6C685134
                                                                                                    • GetLastError.KERNEL32(?,6C685222,?,?,00000104), ref: 6C68514B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastModuleName
                                                                                                    • String ID: "Rhl
                                                                                                    • API String ID: 2776309574-2909245099
                                                                                                    • Opcode ID: eab5f9b95e1dd440bc7eb418031cef8ded1ea0704f0573bb4d5b56c0ea4ce1d4
                                                                                                    • Instruction ID: ce524b1080869fa451e364d51e381f9d66a5af1a16d77e5b8fc6241c64619cdd
                                                                                                    • Opcode Fuzzy Hash: eab5f9b95e1dd440bc7eb418031cef8ded1ea0704f0573bb4d5b56c0ea4ce1d4
                                                                                                    • Instruction Fuzzy Hash: 36E0483634611577DB111F9BDC0495F7B7CEE45769B044116F94AC3610D730E41187F8
                                                                                                    Function 6C6A7450 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 6C6A2CC2: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,6C6A747F,?,?,?,6C66133F), ref: 6C6A2CC7
                                                                                                      • Part of subcall function 6C6A2CC2: GetLastError.KERNEL32(?,6C6A747F,?,?,?,6C66133F), ref: 6C6A2CD1
                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,6C66133F), ref: 6C6A7483
                                                                                                    • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,6C66133F), ref: 6C6A7492
                                                                                                    Strings
                                                                                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 6C6A748D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                    • API String ID: 450123788-631824599
                                                                                                    • Opcode ID: a95db7e8313e9396dbd16524b543e8c2418e13514c8e873a354e92ce08024086
                                                                                                    • Instruction ID: edbff17dfc95140f2fa77c0d04bd646e95b26eda9d49fa0ae0056ede37283012
                                                                                                    • Opcode Fuzzy Hash: a95db7e8313e9396dbd16524b543e8c2418e13514c8e873a354e92ce08024086
                                                                                                    • Instruction Fuzzy Hash: 72E06D70308B418FD7609FAAD5443867BF8AF56304F00896ED496C3B01E7B5E8498BEE
                                                                                                    Function 6C6A5C01 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6C6A5C2E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Xinvalid_argumentstd::_
                                                                                                    • String ID: Tjl$vector<T> too long
                                                                                                    • API String ID: 909987262-3246384229
                                                                                                    • Opcode ID: 12e48f32982350e50b74e681ab6f08cc7981ec66dbdeb290413944e41f85f530
                                                                                                    • Instruction ID: 46fc7bf16f230c0c9f3e6232504954b8731a3afb9c9f7aa37caa3c886e879182
                                                                                                    • Opcode Fuzzy Hash: 12e48f32982350e50b74e681ab6f08cc7981ec66dbdeb290413944e41f85f530
                                                                                                    • Instruction Fuzzy Hash: FBD01271040A18A6C125D9D8E485C9AB7DC9B057A9B1458A7E51559808C532E8D2C699
                                                                                                    Function 6C67FC31 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 6C67FC3D
                                                                                                      • Part of subcall function 6C67FBB2: std::exception::exception.LIBCONCRT ref: 6C67FBBF
                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 6C67FC4B
                                                                                                      • Part of subcall function 6C682BD6: RaiseException.KERNEL32(?,?,?,6C6813B7,00000000,00000000,00000000,?,?,?,?,?,6C6813B7,?,6C6BB2E0), ref: 6C682C35
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionException@8RaiseThrowstd::exception::exceptionstd::invalid_argument::invalid_argument
                                                                                                    • String ID: Unknown exception
                                                                                                    • API String ID: 1586462112-410509341
                                                                                                    • Opcode ID: de4672b17507c445fcd7ab98b624de2c94c45da7edc1058964685397f176d717
                                                                                                    • Instruction ID: 1d80c3bd9a00d6dde63bf37f726d96cab4d32bd28b62d4ac0bdbc87267a2f3e0
                                                                                                    • Opcode Fuzzy Hash: de4672b17507c445fcd7ab98b624de2c94c45da7edc1058964685397f176d717
                                                                                                    • Instruction Fuzzy Hash: 4BD0A738900108B7CB10DEE4D854DC9777C6F01648BD08865EA24D7D45E770EA5A8BDE
                                                                                                    Function 6C6976FE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 6COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CommandLine
                                                                                                    • String ID: (,F
                                                                                                    • API String ID: 3253501508-1871790401
                                                                                                    • Opcode ID: 7c5b09000c1168977e16cb898bd90279db77d8108e8789acb7bf53b7f370df12
                                                                                                    • Instruction ID: 11612ad9face2c843244334099491cc0f898384c1f400f63e2e836fcdb92c5d1
                                                                                                    • Opcode Fuzzy Hash: 7c5b09000c1168977e16cb898bd90279db77d8108e8789acb7bf53b7f370df12
                                                                                                    • Instruction Fuzzy Hash: 2DB048BCA00200CB8F118FA3A0C80087AB0B69A202B808897D80182201D67A10618F6C
                                                                                                    Function 6C694371 Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,?), ref: 6C694407
                                                                                                    • GetLastError.KERNEL32 ref: 6C694415
                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 6C694470
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.613195254.000000006C661000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C660000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.613192366.000000006C660000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613201441.000000006C6AA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613205278.000000006C6BD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613208274.000000006C6C1000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    • Associated: 00000002.00000002.613211188.000000006C6C3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_6c660000_f_0002b5.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide$ErrorLast
                                                                                                    • String ID:
                                                                                                    • API String ID: 1717984340-0
                                                                                                    • Opcode ID: ebd7f6972d5025cb178bb075c448c283812bba963db7a6fc3c07bdf222b80e70
                                                                                                    • Instruction ID: 3e119020bd68e4487a6e61cf4ce210060d515b869628c2d930e837c676b0fc9b
                                                                                                    • Opcode Fuzzy Hash: ebd7f6972d5025cb178bb075c448c283812bba963db7a6fc3c07bdf222b80e70
                                                                                                    • Instruction Fuzzy Hash: 6C412D30605217AFDF118F65C844BBE7BB5EF02B18F244269FD7897A91D7B09901CB68