Windows Analysis Report
f_0002b5.exe

Overview

General Information

Sample name: f_0002b5.exe
renamed because original name is a hash value
Original sample name: f_0002b5
Analysis ID: 1445830
MD5: aee6801792d67607f228be8cec8291f9
SHA1: bf6ba727ff14ca2fddf619f292d56db9d9088066
SHA256: 1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
Infos:

Detection

Score: 51
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 48
Range: 0 - 100

Signatures

Detected unpacking (changes PE section rights)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file does not import any functions
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: DNS Query To Remote Access Software Domain From Non-Browser App
Tries to disable installed Antivirus / HIPS / PFW
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

  • System is w7x64
  • f_0002b5.exe (PID: 980 cmdline: "C:\Users\user\Desktop\f_0002b5.exe" MD5: AEE6801792D67607F228BE8CEC8291F9)
    • f_0002b5.exe (PID: 1424 cmdline: "C:\Users\user\Desktop\f_0002b5.exe" --local-service MD5: AEE6801792D67607F228BE8CEC8291F9)
    • f_0002b5.exe (PID: 2596 cmdline: "C:\Users\user\Desktop\f_0002b5.exe" --local-control MD5: AEE6801792D67607F228BE8CEC8291F9)
  • cleanup
No configs have been found
No yara matches
Source: DNS query, Author: frack113, Connor Martin, Data: Image: C:\Users\user\Desktop\f_0002b5.exe, QueryName: boot.net.anydesk.com
No Snort rule has matched

Compliance

Source: f_0002b5.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: f_0002b5.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 57.128.101.74:443 -> 192.168.2.22:49163 version: TLS 1.2
Source: unknown HTTPS traffic detected: 89.187.179.162:443 -> 192.168.2.22:49165 version: TLS 1.2
Source: f_0002b5.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\b\build\slave\win\build\src\out\Release\gcapi_dll.dll.pdbGCTL source: f_0002b5.exe, 00000002.00000002.741416079.0000000005DD3000.00000004.00000001.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000003.374685699.0000000005297000.00000004.00000001.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.741357798.0000000005AD9000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000003.374622056.00000000004B7000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.741357798.0000000005AF7000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp, f_0002b5.exe, 00000003.00000002.741308651.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdb@? source: f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm_dda-32\privacy_feature\privacy_feature.pdb source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740983510.0000000002430000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740950010.0000000002430000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_loader\AnyDesk.pdb source: f_0002b5.exe, 00000000.00000000.343614911.00000000025DA000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.741042507.00000000025DA000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000000.347459369.00000000025DA000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm_dda-64\win_dwm\win_dwm.pdb source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740983510.0000000002430000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740950010.0000000002430000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm_dda-32\win_dwm\win_dwm.pdb source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740983510.00000000023F4000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdb source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm_dda-64\privacy_feature\privacy_feature.pdb source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740983510.0000000002430000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740950010.0000000002430000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\b\build\slave\win\build\src\out\Release\gcapi_dll.dll.pdb source: f_0002b5.exe, 00000002.00000002.741416079.0000000005DD3000.00000004.00000001.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000003.374685699.0000000005297000.00000004.00000001.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.741357798.0000000005AD9000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000003.374622056.00000000004B7000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.741357798.0000000005AF7000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp, f_0002b5.exe, 00000003.00000002.741308651.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: SAS.pdbR source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740983510.00000000023F4000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: SAS.pdb source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740983510.00000000023F4000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693D6C6E FindFirstFileExA,2_2_693D6C6E
Source: Joe Sandbox View IP Address: 57.128.101.74
Source: Joe Sandbox View IP Address: 185.229.191.39
Source: Joe Sandbox View JA3 fingerprint: c91bde19008eefabce276152ccd51457
Source: global traffic DNS traffic detected: DNS query: boot.net.anydesk.com
Source: global traffic DNS traffic detected: DNS query: relay-7360779b.net.anydesk.com
Source: global traffic DNS traffic detected: DNS query: api.playanext.com
Source: unknown HTTP traffic detected:
    POST /httpapi HTTP/1.1
    Host: api.playanext.com
    User-Agent: AnyDesk/8.0.10
    Accept: */*
    Content-Length: 354
    Content-Type: application/x-www-form-urlencoded

    api_key=c1426bd258099fa69f62933b466d4b77&event=[{"event_type":"check_offer","user_id":"ce78ba6006c8d8502433d93ee0a50185","session_id":1716391606585606,"ip":"$remote","event_properties":{"method_used":"Google Chrome Criteria Checker","offer_product":"Google Chrome","distributor":"AnyDesk","distributor_product":"AnyDesk","user_country":"United States"}}
    Data Raw: Data Ascii:
Source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.372700799.0000000000B2B000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000003.371662131.0000000000AB9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/status-desk_rt_ipc_error
Source: f_0002b5.exe, 00000000.00000003.348416638.0000000000B8D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/status-desk_rt_ipc_errors.
Source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.372700799.0000000000B2B000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000003.371662131.0000000000AB9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/the-session-has-ended-unexpectedly
Source: f_0002b5.exe, 00000003.00000002.741113349.0000000004330000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/the-session-has-ended-unexpectedly9
Source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.372700799.0000000000B2B000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000003.371662131.0000000000AB9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/users
Source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.372700799.0000000000B2B000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000003.371662131.0000000000AB9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/waiting-for-image-black-screen
Source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.372700799.0000000000B2B000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000003.371662131.0000000000AB9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/what-is-full-client-management
Source: f_0002b5.exeString found in binary or memory: https://support.google.com/chrome/contact/chromeuninstall3?hl=$1
Source: f_0002b5.exe, 00000002.00000003.374622056.00000000004B7000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp, f_0002b5.exe, 00000003.00000002.741308651.00000000693EA000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://support.google.com/chrome/contact/chromeuninstall3?hl=$1microsoft-edge:openFailed
Source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.371662131.0000000000AB9000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.741113349.0000000004330000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/$
Source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.nayuki.io/page/qr-code-generator-library
Source: unknown Network traffic detected: HTTP traffic on port 49163 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49165 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49165
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49163
Source: unknown HTTPS traffic detected: 57.128.101.74:443 -> 192.168.2.22:49163 version: TLS 1.2
Source: unknown HTTPS traffic detected: 89.187.179.162:443 -> 192.168.2.22:49165 version: TLS 1.2
Source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DirectDrawCreateExmemstr_d47d29dd-e
Source: C:\Users\user\Desktop\f_0002b5.exe Window created: window name: CLIPBRDWNDCLASS
Source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_4ecc4b8e-3
Source: C:\Users\user\Desktop\f_0002b5.exe Memory allocated: 770B0000 page execute and read and write
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693BB6C0 new,SetHandleInformation,CreateEnvironmentBlock,CreateProcessAsUserW,DestroyEnvironmentBlock,CreateProcessW,AssignProcessToJobObject,GetCurrentProcess,GetCurrentProcess,TerminateProcess,GetCurrentProcess,WaitForSingleObject,ResumeThread,WaitForSingleObject, 2_2_693BB6C0
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: String function: 693A2340 appears 31 times
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: String function: 693A6EC0 appears 51 times
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: String function: 693BFC11 appears 50 times
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: String function: 693C1630 appears 48 times
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: String function: 693A2EA0 appears 47 times
Source: f_0002b5.exeStatic PE information: No import functions for PE file found
Source: f_0002b5.exe, 00000000.00000003.345330532.0000000000548000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentshrui.dll.muij% vs f_0002b5.exe
Source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesas.dllj% vs f_0002b5.exe
Source: f_0002b5.exe, 00000002.00000002.740983510.00000000023F4000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamesas.dllj% vs f_0002b5.exe
Source: f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesas.dllj% vs f_0002b5.exe
Source: f_0002b5.exe, 00000003.00000003.351331652.000000000058E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentshrui.dll.muij% vs f_0002b5.exe
Source: f_0002b5.exe, 00000003.00000003.351349326.0000000000599000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentshrui.dll.muij% vs f_0002b5.exe
Source: f_0002b5.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: mal51.evad.winEXE@5/8@5/4
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693A29A0 FormatMessageA,GetLastError, 2_2_693A29A0
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693DFFEC LaunchGoogleChrome,CoInitializeEx,CoInitializeSecurity,GetCurrentProcessId,GetShellWindow,GetWindowThreadProcessId,LocalFree,OpenProcess,OpenProcessToken,DuplicateTokenEx,ImpersonateLoggedOnUser,CloseHandle,CloseHandle,CloseHandle,LocalFree,LocalFree,CoCreateInstance,RevertToSelf,CoUninitialize, 2_2_693DFFEC
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693E2CE9 LoadResource,LockResource,SizeofResource, 2_2_693E2CE9
Source: C:\Users\user\Desktop\f_0002b5.exe File created: C:\Users\user\AppData\Roaming\AnyDesk
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_980_1822284581_1_mtx
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcstobjmtx
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_980_1822284581_0_mtx
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1424_924_13
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1424_924_12
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_2596_1840068612_1_mtx
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1424_924_11
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1424_924_3
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1424_924_18
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_2596_1240_0
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1424_924_17
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_2596_2136_0
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Session\1\ad_connect_queue_1424_1838820610_mtx
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_8010_lsystem_mtx
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1424_924_6
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_2596_1840068612_0_mtx
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_trace_mtx
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1424_924_5
Source: C:\Users\user\Desktop\f_0002b5.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1424_924_4
Source: C:\Users\user\Desktop\f_0002b5.exe File created: C:\Users\user\AppData\Local\Temp\gcapi.dll
Source: f_0002b5.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\f_0002b5.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM Win32_Processor
Source: C:\Users\user\Desktop\f_0002b5.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\f_0002b5.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\f_0002b5.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: f_0002b5.exe String found in binary or memory: Removed multi-install failure key; switching to channel:
Source: C:\Users\user\Desktop\f_0002b5.exe File read: C:\Users\user\Desktop\f_0002b5.exe
Source: unknown Process created: C:\Users\user\Desktop\f_0002b5.exe "C:\Users\user\Desktop\f_0002b5.exe"
Source: C:\Users\user\Desktop\f_0002b5.exe Process created: C:\Users\user\Desktop\f_0002b5.exe "C:\Users\user\Desktop\f_0002b5.exe" --local-service
Source: C:\Users\user\Desktop\f_0002b5.exe Process created: C:\Users\user\Desktop\f_0002b5.exe "C:\Users\user\Desktop\f_0002b5.exe" --local-control
Source: C:\Users\user\Desktop\f_0002b5.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32
Source: C:\Users\user\Desktop\f_0002b5.exe Window found: window name: SysTabControl32
Source: f_0002b5.exe Static PE information: certificate valid
Source: f_0002b5.exe Static file information: File size 5328200 > 1048576
Source: f_0002b5.exe Static PE information: Raw size of .data is bigger than: 0x100000 < 0x507c00
Source: f_0002b5.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: f_0002b5.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\b\build\slave\win\build\src\out\Release\gcapi_dll.dll.pdbGCTL source: f_0002b5.exe, 00000002.00000002.741416079.0000000005DD3000.00000004.00000001.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000003.374685699.0000000005297000.00000004.00000001.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.741357798.0000000005AD9000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000003.374622056.00000000004B7000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.741357798.0000000005AF7000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp, f_0002b5.exe, 00000003.00000002.741308651.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdb@? source: f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm_dda-32\privacy_feature\privacy_feature.pdb source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740983510.0000000002430000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740950010.0000000002430000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_loader\AnyDesk.pdb source: f_0002b5.exe, 00000000.00000000.343614911.00000000025DA000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000002.741042507.00000000025DA000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000000.347459369.00000000025DA000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm_dda-64\win_dwm\win_dwm.pdb source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740983510.0000000002430000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740950010.0000000002430000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm_dda-32\win_dwm\win_dwm.pdb source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740983510.00000000023F4000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdb source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm_dda-64\privacy_feature\privacy_feature.pdb source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740983510.0000000002430000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740950010.0000000002430000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\b\build\slave\win\build\src\out\Release\gcapi_dll.dll.pdb source: f_0002b5.exe, 00000002.00000002.741416079.0000000005DD3000.00000004.00000001.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000003.374685699.0000000005297000.00000004.00000001.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.741357798.0000000005AD9000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000003.374622056.00000000004B7000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.741357798.0000000005AF7000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp, f_0002b5.exe, 00000003.00000002.741308651.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: SAS.pdbR source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740983510.00000000023F4000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: SAS.pdb source: f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740983510.00000000023F4000.00000004.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\f_0002b5.exe Unpacked PE file: 2.2.f_0002b5.exe.13a0000.0.unpack .text:ER;.itext:W;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.itext:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693AFCD0 push ecx; mov dword ptr [esp], 00000000h 2_2_693AFCD7
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693C11DF push ecx; ret 2_2_693C11F2
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693C1676 push ecx; ret 2_2_693C1689
Source: C:\Users\user\Desktop\f_0002b5.exe File created: C:\Users\user\Desktop\gcapi.dll
Source: C:\Users\user\Desktop\f_0002b5.exe File created: C:\Users\user\AppData\Local\Temp\gcapi.dll

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\f_0002b5.exe File opened: C:\Users\user\Desktop\f_0002b5.exe:Zone.Identifier read attributes | delete
Source: C:\Users\user\Desktop\f_0002b5.exeCode function: 2_2_693C03B7 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_693C03B7
Source: C:\Users\user\Desktop\f_0002b5.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\f_0002b5.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\f_0002b5.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\f_0002b5.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT MACAddress FROM Win32_NetworkAdapter WHERE PhysicalAdapter = TRUE
Source: C:\Users\user\Desktop\f_0002b5.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\f_0002b5.exe Dropped PE file which has not been started: C:\Users\user\Desktop\gcapi.dll
Source: C:\Users\user\Desktop\f_0002b5.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\gcapi.dll
Source: C:\Users\user\Desktop\f_0002b5.exe API coverage: 5.6 %
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 2836 Thread sleep time: -8301034833169293s >= -30000s
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 2852 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 2768 Thread sleep time: -120000s >= -30000s
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 2768 Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 2672 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 2836 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 2720 Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 2520 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 2760 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 2708 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\f_0002b5.exe TID: 2520 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\f_0002b5.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BaseBoard
Source: C:\Users\user\Desktop\f_0002b5.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM Win32_Processor
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693DF147 GetLocalTime followed by cmp: cmp dx, 000ch and CTI: jbe 693DF183h 2_2_693DF147
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693D6C6E FindFirstFileExA,2_2_693D6C6E
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693BF1AA VirtualQuery,GetSystemInfo,2_2_693BF1AA
Source: f_0002b5.exe, 00000000.00000003.345330532.0000000000548000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: MVmciwave.dllH
Source: f_0002b5.exe, 00000000.00000003.345262752.0000000000554000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: LVmciwave.dll
Source: f_0002b5.exe, 00000000.00000003.345262752.0000000000554000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Vmcicda.dll
Source: C:\Users\user\Desktop\f_0002b5.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693C5F8C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_693C5F8C
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693C9E6A mov eax, dword ptr fs:[00000030h] 2_2_693C9E6A
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693CB428 GetProcessHeap,2_2_693CB428
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693C0FC3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_693C0FC3
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693C14B2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_693C14B2
Source: C:\Users\user\Desktop\f_0002b5.exe Memory protected: page read and write | page guard
Source: C:\Users\user\Desktop\f_0002b5.exe Process created: C:\Users\user\Desktop\f_0002b5.exe "C:\Users\user\Desktop\f_0002b5.exe" --local-service
Source: C:\Users\user\Desktop\f_0002b5.exe Process created: C:\Users\user\Desktop\f_0002b5.exe "C:\Users\user\Desktop\f_0002b5.exe" --local-control
Source: C:\Users\user\Desktop\f_0002b5.exe File opened: Windows Firewall: C:\Windows\SysWOW64\FirewallAPI.dll
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693DF711 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,2_2_693DF711
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693C168B cpuid 2_2_693C168B
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: IsValidCodePage,GetLocaleInfoW,2_2_693DAD29
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: EnumSystemLocalesW,2_2_693CEC36
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: EnumSystemLocalesW,2_2_693DAF66
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: EnumSystemLocalesW,2_2_693DAFB1
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: GetLocaleInfoW,2_2_693DAEBD
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: GetLocaleInfoW,2_2_693CF15E
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: EnumSystemLocalesW,2_2_693DB04C
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,2_2_693DB0D9
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: GetLocaleInfoW,2_2_693DB329
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: GetUserDefaultUILanguage,GetLocaleInfoW,GetLocaleInfoW,2_2_693BD200
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: GetLocaleInfoW,2_2_693DB559
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_693DB452
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_693DB626
Source: C:\Users\user\Desktop\f_0002b5.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\f_0002b5.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\f_0002b5.exe Queries volume information: C:\Users\user\Desktop\f_0002b5.exe VolumeInformation
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693B2D20 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,2_2_693B2D20
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693D03A9 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,2_2_693D03A9
Source: C:\Users\user\Desktop\f_0002b5.exe Code function: 2_2_693B2A20 GetCurrentProcess,GetModuleHandleW,GetProcAddress,GetVersionExW,GetNativeSystemInfo,GetModuleHandleW,GetProcAddress,2_2_693B2A20
Source: C:\Users\user\Desktop\f_0002b5.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: f_0002b5.exe, 00000003.00000000.347459369.00000000025DA000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: .itext.text.custom88978f95220cea3e5cd714ad3d984e5drelease/win_8.0.108941b379f03505960bfba86d51b033e4f12eac4a
Source: f_0002b5.exe, 00000002.00000002.740472974.000000000021F000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: 8941b379f03505960bfba86d51b033e4f12eac4arelease/win_8.0.1088978f95220cea3e5cd714ad3d984e5dh
Source: f_0002b5.exe, 00000003.00000002.740518856.000000000046F000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: 8941b379f03505960bfba86d51b033e4f12eac4arelease/win_8.0.1088978f95220cea3e5cd714ad3d984e5d
Source: f_0002b5.exe, 00000003.00000002.740518856.000000000046F000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: release/win_8.0.10
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 421 Windows Management Instrumentation | 1 Valid Accounts | 1 Valid Accounts | 1 Masquerading | 21 Input Capture | 12 System Time Discovery | Remote Services | 21 Input Capture | 12 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Valid Accounts | LSASS Memory | 431 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 11 Process Injection | 1 Access Token Manipulation | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 11 Disable or Modify Tools | NTDS | 331 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 331 Virtualization/Sandbox Evasion | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 Process Injection | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Deobfuscate/Decode Files or Information | DCSync | 156 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Hidden Files and Directories | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 2 Obfuscated Files or Information | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Software Packing | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 DLL Side-Loading | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
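| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| f_0002b5.exe | 0% | ReversingLabs | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\gcapi.dll | 0% | ReversingLabs | | |
| C:\Users\user\Desktop\gcapi.dll | 0% | ReversingLabs | | |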
No Antivirus matches
No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| d1atxff5avezsq.cloudfront.net | 18.245.86.84 | true | false | | unknown |
| bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown |
| boot.net.anydesk.com | 57.128.101.74 | true | false | | unknown |
| relay-7360779b.net.anydesk.com | 89.187.179.162 | true | false | | unknown |
| api.playanext.com | unknown | unknown | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://api.playanext.comUser-Agent: AnyDesk/8.0.10Accept: */*Content-Length: 354Content-Type: application/x-www-form-urlencodedapi_key=c1426bd258099fa69f62933b466d4b77&event=[{"event_type":"check_offer","user_id":"ce78ba6006c8d8502433d93ee0a50185","session_id":1716391606585606,"ip":"$remote","event_properties":{"method_used":"Google Chrome Criteria Checker","offer_product":"Google Chrome","distributor":"AnyDesk","distributor_product":"AnyDesk","user_country":"United States"}}/httpapi | false | | unknown |

Name | Source | Malicious | Antivirus Detection | Reputation
              • Avira URL Cloud: safe
              unknown
              https://anydesk.com/orderf_0002b5.exe, 00000003.00000003.371662131.0000000000AB9000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://anydesk.com/contact/salesf_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.371662131.0000000000AB9000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://anydesk.com/en/assembly/termsf_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.348735825.00000000034F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://my.anydesk.com/password-generator.f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://support.anydesk.comf_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://support.anydesk.com/knowledge/anydesk-for-android-chromeos#troubleshootingpf_0002b5.exe, 00000003.00000002.741113349.0000000004330000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://help.anydesk.com/f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.371662131.0000000000AB9000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://anydesk.comf_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://support.anydesk.com/knowledge/waiting-for-image-black-screenf_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.372700799.0000000000B2B000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000003.371662131.0000000000AB9000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://ns.useplus.org/ldf/xmp/1.0/f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.348735825.00000000034F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              unknown
              https://support.anydesk.com/knowledge/status-anynet_overloadf_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.372700799.0000000000B2B000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000003.371662131.0000000000AB9000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://support.anydesk.com/knowledge/anydesk-for-android-chromeos#troubleshootingf_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.371662131.0000000000AB9000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://www.opengl.org/registry/f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.348735825.00000000034F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://anydesk.com/contact/sales)f_0002b5.exe, 00000003.00000003.348735825.00000000034F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://iptc.org/std/Iptc4xmpExt/2008-02-29/f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.348735825.00000000034F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              unknown
              https://help.anydesk.com/$f_0002b5.exe, 00000003.00000003.371662131.0000000000AB9000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.741113349.0000000004330000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://support.anydesk.com/knowledge/quick-start-guidef_0002b5.exe, 00000000.00000003.348416638.0000000000B8D000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.371662131.0000000000AB9000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://my.anydesk.com/auth/realms/myanydesk/login-actions/reset-credentials?client_id=myanydesk-frof_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.371662131.0000000000AB9000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://support.anydesk.com/knowledge/status-desk_rt_ipc_errorf_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.372700799.0000000000B2B000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000003.371662131.0000000000AB9000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://anydesk.com/en/assemblyf_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.348735825.00000000034F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://my.anydesk.com/auth/realms/myanydesk/login-actions/reset-credentialsf_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.348735825.00000000034F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://support.google.com/chrome/contact/chromeuninstall3?hl=$1microsoft-edge:openFailedf_0002b5.exe, 00000002.00000003.374622056.00000000004B7000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp, f_0002b5.exe, 00000003.00000002.741308651.00000000693EA000.00000002.00000001.01000000.00000007.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://anydesk.com/en/privacyf_0002b5.exe, 00000003.00000003.348735825.00000000034F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://help.anydesk.com/HelpLinkInstallLocationAnyDeskf_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://datatracker.ietf.org/ipr/1524/f_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.348735825.00000000034F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              unknown
              https://my.anydesk.com/v2f_0002b5.exe, 00000003.00000003.371662131.0000000000AB9000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000003.348735825.00000000034F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://anydesk.com/company#imprintf_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.371662131.0000000000AB9000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://www.openssl.org/)f_0002b5.exe, 00000003.00000003.348735825.00000000034F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              unknown
              https://anydesk.com/pricing/teams)f_0002b5.exe, 00000003.00000003.348735825.00000000034F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://www.openssl.org/support/faq.htmlEC_PRIVATEKEYpublicKeyparametersprivateKeyECPKPARAMETERSvaluef_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://boot.net.anydesk.comabcdefABCDEFtruefalsetfInvalidf_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.348735825.00000000034F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://support.anydesk.com/knowledge/anydesk-accountf_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.372700799.0000000000B2B000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000003.371662131.0000000000AB9000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://support.anydesk.com/knowledge/anydesk-id-and-aliasf_0002b5.exe, 00000000.00000003.344923816.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000002.00000002.740894937.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000002.00000003.348421348.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.740865359.0000000001DE6000.00000002.00000001.01000000.00000003.sdmp, f_0002b5.exe, 00000003.00000003.371662131.0000000000AB9000.00000004.00000020.00020000.00000000.sdmp, f_0002b5.exe, 00000003.00000002.741113349.0000000004330000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              IP | Domain | Country | ASN | ASN Name | Malicious
              57.128.101.74 | boot.net.anydesk.com | Belgium | 2686 | ATGS-MMD-ASUS | false
              89.187.179.162 | relay-7360779b.net.anydesk.com | Czech Republic | 60068 | CDN77GB | false
              185.229.191.39 | unknown | Czech Republic | 60068 | CDN77GB | false
              18.245.86.79 | unknown | United States | 16509 | AMAZON-02US | false
              Joe Sandbox version:40.0.0 Tourmaline
              Analysis ID:1445830
              Start date and time:2024-05-22 17:25:44 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 7m 38s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
              Run name:Run with higher sleep bypass
              Number of analysed new started processes analysed:8
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:f_0002b5.exe
              renamed because original name is a hash value
              Original Sample Name:f_0002b5
              Detection:MAL
              Classification:mal51.evad.winEXE@5/8@5/4
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:
              • Successful, ratio: 100%
              • Number of executed functions: 22
              • Number of non-executed functions: 166
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 2.21.22.106, 2.21.22.114
              • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-b-net.trafficmanager.net, download.windowsupdate.com.edgesuite.net
              • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • VT rate limit hit for: f_0002b5.exe
              Time | Type | Description
              11:27:18 | API Interceptor | 709x Sleep call for process: f_0002b5.exe modified
                                                • 52.222.149.102
                                                https://www.sign-doc.com/XNHBmVkl2Nm5FWHNCSFgzUlpNaTRBQ1UrRWNwZU93aTcrK1J6cFBwUGVMTDRqc252ZFFhZHNsMWZieE9PZmN6YUYzVzhqWWI0R1ZheldoS2FuYXFVTkhpd1BldnB4OHcwZGZzUlQ1UE9JSDRXTWtNbjUvQUx3RFBQMVowRjQ4TWZhOS9WV1VzUHlIRnErVWtpR1lKcEdtQy9JTGt2ck1wZHpoLzhVb0owOThrOXZMcXlMMjVNZE5YRCtuRm52U0JTTkNPV0NnPT0tLSs2a0h3RllhaGNPTGs3ZHotLVY4SE1WRkErbUhsZU9lUnJPbjlCT1E9PQ==?cid=242919939Get hashmaliciousUnknownBrowse
                                                • 54.231.129.224
                                                CDN77GBhttps://fix-walletconnect.pages.dev/walletGet hashmaliciousUnknownBrowse
                                                • 195.181.175.15
                                                http://bafybeic2dcyunteju5lcniglmedsfh6rcjmlu3xtzvo2ykeyuj3wcano7a.ipfs.dweb.link/Get hashmaliciousUnknownBrowse
                                                • 185.93.3.244
                                                http://cf-ipfs.com/ipfs/Qmb8ZxH6YcdjvixfVo3yE3hHm5CNzVAQFSfFDavjywVtYk/gttrindeed.htmlGet hashmaliciousUnknownBrowse
                                                • 185.93.1.246
                                                http://shahnawazhussain1122.github.io/helloGet hashmaliciousUnknownBrowse
                                                • 212.102.56.181
                                                http://siddiquimehvish07.github.io/netflix.github.ioGet hashmaliciousUnknownBrowse
                                                • 185.93.1.246
                                                http://actioncompactionservices.comGet hashmaliciousUnknownBrowse
                                                • 185.93.1.251
                                                http://cdn.camvenue.liveGet hashmaliciousUnknownBrowse
                                                • 195.181.175.40
                                                https://fatodex.b-cdn.net/fatodexGet hashmaliciousUnknownBrowse
                                                • 89.187.169.3
                                                https://www.jbmarkets.com/Get hashmaliciousUnknownBrowse
                                                • 195.181.163.203
                                                CDN77GBhttps://fix-walletconnect.pages.dev/walletGet hashmaliciousUnknownBrowse
                                                • 195.181.175.15
                                                http://bafybeic2dcyunteju5lcniglmedsfh6rcjmlu3xtzvo2ykeyuj3wcano7a.ipfs.dweb.link/Get hashmaliciousUnknownBrowse
                                                • 185.93.3.244
                                                http://cf-ipfs.com/ipfs/Qmb8ZxH6YcdjvixfVo3yE3hHm5CNzVAQFSfFDavjywVtYk/gttrindeed.htmlGet hashmaliciousUnknownBrowse
                                                • 185.93.1.246
                                                http://shahnawazhussain1122.github.io/helloGet hashmaliciousUnknownBrowse
                                                • 212.102.56.181
                                                http://siddiquimehvish07.github.io/netflix.github.ioGet hashmaliciousUnknownBrowse
                                                • 185.93.1.246
                                                http://actioncompactionservices.comGet hashmaliciousUnknownBrowse
                                                • 185.93.1.251
                                                http://cdn.camvenue.liveGet hashmaliciousUnknownBrowse
                                                • 195.181.175.40
                                                https://fatodex.b-cdn.net/fatodexGet hashmaliciousUnknownBrowse
                                                • 89.187.169.3
                                                https://www.jbmarkets.com/Get hashmaliciousUnknownBrowse
                                                • 195.181.163.203
                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                c91bde19008eefabce276152ccd51457SysrI6zSkJ.exeGet hashmaliciousRedLineBrowse
                                                • 57.128.101.74
                                                • 89.187.179.162
                                                SysrI6zSkJ.exeGet hashmaliciousRedLineBrowse
                                                • 57.128.101.74
                                                • 89.187.179.162
                                                AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                • 57.128.101.74
                                                • 89.187.179.162
                                                AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                • 57.128.101.74
                                                • 89.187.179.162
                                                http://sub.nabprotect-livechat.com/Get hashmaliciousUnknownBrowse
                                                • 57.128.101.74
                                                • 89.187.179.162
                                                https://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                • 57.128.101.74
                                                • 89.187.179.162
                                                https://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                • 57.128.101.74
                                                • 89.187.179.162
                                                https://nab-support.com/LiveChat.exeGet hashmaliciousUnknownBrowse
                                                • 57.128.101.74
                                                • 89.187.179.162
                                                https://bendigo-desk.com/Get hashmaliciousUnknownBrowse
                                                • 57.128.101.74
                                                • 89.187.179.162
                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                C:\Users\user\AppData\Local\Temp\gcapi.dllhttps://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                  SysrI6zSkJ.exeGet hashmaliciousRedLineBrowse
                                                    SysrI6zSkJ.exeGet hashmaliciousRedLineBrowse
                                                      https://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                        https://nab-support.com/LiveChat.exeGet hashmaliciousUnknownBrowse
                                                          Project.lnkGet hashmaliciousUnknownBrowse
                                                            LiveChat.exeGet hashmaliciousUnknownBrowse
                                                              LiveChat.exeGet hashmaliciousUnknownBrowse
                                                                AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                  C:\Users\user\Desktop\gcapi.dllhttps://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                    SysrI6zSkJ.exeGet hashmaliciousRedLineBrowse
                                                                      SysrI6zSkJ.exeGet hashmaliciousRedLineBrowse
                                                                        https://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                          https://nab-support.com/LiveChat.exeGet hashmaliciousUnknownBrowse
                                                                            Project.lnkGet hashmaliciousUnknownBrowse
                                                                              LiveChat.exeGet hashmaliciousUnknownBrowse
                                                                                LiveChat.exeGet hashmaliciousUnknownBrowse
                                                                                  AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                    Process:C:\Users\user\Desktop\f_0002b5.exe
                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):394240
                                                                                    Entropy (8bit):6.700175464943679
                                                                                    Encrypted:false
                                                                                    SSDEEP:6144:Tv/ioKdMF+LZD/ZRj1vwWrrUFMNoz4pFGxjEB1NYAOrabN2GZvFcD7:Td+LZrNwWrrwMNoz4vG1OYZabtK7
                                                                                    MD5:1CE7D5A1566C8C449D0F6772A8C27900
                                                                                    SHA1:60854185F6338E1BFC7497FD41AA44C5C00D8F85
                                                                                    SHA-256:73170761D6776C0DEBACFBBC61B6988CB8270A20174BF5C049768A264BB8FFAF
                                                                                    SHA-512:7E3411BE8614170AE91DB1626C452997DC6DB663D79130872A124AF982EE1D457CEFBA00ABD7F5269ADCE3052403BE31238AECC3934C7379D224CB792D519753
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Joe Sandbox View:
                                                                                    • Filename: , Detection: malicious, Browse
                                                                                    • Filename: SysrI6zSkJ.exe, Detection: malicious, Browse
                                                                                    • Filename: SysrI6zSkJ.exe, Detection: malicious, Browse
                                                                                    • Filename: , Detection: malicious, Browse
                                                                                    • Filename: , Detection: malicious, Browse
                                                                                    • Filename: Project.lnk, Detection: malicious, Browse
                                                                                    • Filename: LiveChat.exe, Detection: malicious, Browse
                                                                                    • Filename: LiveChat.exe, Detection: malicious, Browse
                                                                                    • Filename: AnyDesk.exe, Detection: malicious, Browse
                                                                                    Reputation:moderate, very likely benign file
                                                                                    Process:C:\Users\user\Desktop\f_0002b5.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:modified
                                                                                    Size (bytes):30234
                                                                                    Entropy (8bit):4.360266349285255
                                                                                    Encrypted:false
                                                                                    SSDEEP:384:xPI/hPkThlT4USlTjfznrraqHoJa+dnDAgM/F:xI/FC8fTbzr4aSnDA/F
                                                                                    MD5:DF02B090EF9FBFDFE2281F4F8608D4AC
                                                                                    SHA1:FDD0A260039C3F84F5AD1584CBFCBF32A6A846A9
                                                                                    SHA-256:CAFD5F451AF166B9E1CC286B37D9313DBF435E6B3A7F093AAF373996ADC519E6
                                                                                    SHA-512:31BC5F5857B9434327CA488B38A2CA5D0EF1B2846F3EE09D26E2A6A3348C44EE368770CFB170007DC5BC81E8FAF38CD089FF3076E0F186A20AB7A34B4EB62D14
                                                                                    Malicious:false
                                                                                    Reputation:low
                                                                                    Preview: * * * * * * * * * * * * * * * * * *.. info 2024-05-22 15:26:32.806 front 980 260 main - * AnyDesk Windows Startup *.. info 2024-05-22 15:26:32.806 front 980 260 main - * Version 8.0.10 (release/win_8.0.10 8941b379f03505960bfba86d51b033e4f12eac4a).. info 2024-05-22 15:26:32.806 front 980 260 main - * Checksum 88978f95220cea3e5cd714ad3d984e5d.. info 2024-05-22 15:26:32.806 front 980 260 main - * Build 20240424145318.. info 2024-05-22 15:26:32.806 front 980 260 main - * Copyright (C) 2024 AnyDesk Software GmbH *.. info 2024-05-22 15:26:32.806 front 980 260 main - .. info 2024-05-22 15:26:32.806 front 980 260 main - Command Line params: "C:\Users\user\Desktop\f_0002b5.exe
                                                                                    Process:C:\Users\user\Desktop\f_0002b5.exe
                                                                                    File Type:ASCII text, with very long lines (1747)
                                                                                    Category:dropped
                                                                                    Size (bytes):2966
                                                                                    Entropy (8bit):6.037237595886338
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:uIST5S7ifTShZOXpkpP9wjM4e5pjlEKn9jBbHrsd8mm5+/ly/MgImOTNa+:uISTeifcOSpP9wq5ppvdfOwcZTB
                                                                                    MD5:C128F2603D5A208CA8016589B6FBE6E8
                                                                                    SHA1:FE6900C5A9C698245B71CFAB8108C6EAE2270DCC
                                                                                    SHA-256:80D5C095CD66B4E7E0D890BF5FCC3171BDB619C62753E661FD87AD547A0378B5
                                                                                    SHA-512:27C44831B4E4AF3530B1D6BB8EB27878C60F3915F0F31F01E8036C40D9FEBCE6A4AE765A557168B73096C14C28A37EC53B0D8EB4A6E389F9763331DF66A26C14
                                                                                    Malicious:false
                                                                                    Reputation:low
                                                                                    Process:C:\Users\user\Desktop\f_0002b5.exe
                                                                                    File Type:ASCII text
                                                                                    Category:dropped
                                                                                    Size (bytes):822
                                                                                    Entropy (8bit):4.835667206438249
                                                                                    Encrypted:false
                                                                                    SSDEEP:12:og80L4GVIN7QaC5sxriBs7hPj7lNqQHvWhQCVp4LroBGgFBG9NkG:KriBsNPj5sAwtVp4LtB9uG
                                                                                    MD5:B7F50FB922550F38D246F05B2E69F7FC
                                                                                    SHA1:A902AE76F1D1465EF7D6CC9DCA7191F3178E6D4D
                                                                                    SHA-256:14A6CC473F396727FA78DC249F1B9548BC462F60721C853626B64AAA9DEE0D0C
                                                                                    SHA-512:F23A8217F5E9BC4114EBF4FF900F29F69A2D1A261EE496CC9B3E53061EA6679B5B57E252990B4DD4FDC99E7D467285C4B1794223B81EE741DD58CB8F0A44A669
                                                                                    Malicious:false
                                                                                    Reputation:low
                                                                                    Preview:ad.anynet.alias=.ad.anynet.client_stats_hash=1668102e38bdcab5d6e21ca1e93aa8c275096e46.ad.anynet.cur_version=34359738378.ad.anynet.fpr=64b984aa389a51769d827e136c81bc6dca17f496.ad.anynet.id=1166888763.ad.anynet.last_relay=relay-7360779b.net.anydesk.com:80:443:6568.ad.anynet.network_hash=2c7235e7e2e5cff92300cca3448da213ac1b5575.ad.anynet.network_id=main.ad.anynet.relay.fatal_result=1.0.ad.anynet.relay.state=2.ad.license.expiry=0.ad.license.name=free-1.ad.security.frontend_clipboard=1.ad.security.frontend_clipboard_files=1.ad.security.frontend_clipboard_version=1.ad.security.permission_profiles._default.permissions.sas=1.ad.security.permission_profiles._unattended_access.permissions.sas=1.ad.security.permission_profiles.version=1.ad.security.update_version=1.ad.wol.mac_hash=409979bab894a8d4d2500422f897413c7bec74be.
                                                                                    Process:C:\Users\user\Desktop\f_0002b5.exe
                                                                                    File Type:ASCII text, with very long lines (3261)
                                                                                    Category:dropped
                                                                                    Size (bytes):7122
                                                                                    Entropy (8bit):4.418932286431394
                                                                                    Encrypted:false
                                                                                    SSDEEP:96:P8V6TcR8Iq8zPnFxynTkzfx8+PDpZEDqmbn38UdrzBhPH5M:EsXIVRWGf2s8DqsMqzTHW
                                                                                    MD5:8E14C79AB82FEFE172983CE125A6785C
                                                                                    SHA1:1C9419A6ED6C1D92E7BA01B8F7030EA5A94F91A7
                                                                                    SHA-256:F24D7AE1DEE6EEC72AD38E6313B5A14E72233CA3CC12DEFBBC2CE0B390542CFC
                                                                                    SHA-512:80B43B4E4EED55A40E7A457B68B65BFBA6384B8DD4519273FFC17E8888E35B967580DE53605FAFB55983D6004F0F37A949E16015C85C4B7CFCC89EE90A191B37
                                                                                    Malicious:false
                                                                                    Reputation:low
                                                                                    Process:C:\Users\user\Desktop\f_0002b5.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):3066
                                                                                    Entropy (8bit):2.953831920219753
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:00xLOfmHO+7Wo/qk7B0xLOmnLO+rjD/qk7c:1LgGEoiioLpLZiic
                                                                                    MD5:293B8253377119DD68DE7DD9C5DF06E9
                                                                                    SHA1:D0CF601B32F019659DA04735BC6213DDF7A918C6
                                                                                    SHA-256:76E64DD7FC958896684770D6D1AE4BE9DDB902A31BD5C43C4CAD6E23063FF34E
                                                                                    SHA-512:57FC7E6BD55668D1A4FCAC272A3437E227D815276FA9660A534E63636C6DFAF7DC0B949B4702476779D93A6F6BCF5F2B1AA3D3D9AEE8ABECB2CF303F57268D17
                                                                                    Malicious:false
                                                                                    Reputation:low
                                                                                    Process:C:\Users\user\Desktop\f_0002b5.exe
                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                    Category:modified
                                                                                    Size (bytes):394240
                                                                                    Entropy (8bit):6.700175464943679
                                                                                    Encrypted:false
                                                                                    SSDEEP:6144:Tv/ioKdMF+LZD/ZRj1vwWrrUFMNoz4pFGxjEB1NYAOrabN2GZvFcD7:Td+LZrNwWrrwMNoz4vG1OYZabtK7
                                                                                    MD5:1CE7D5A1566C8C449D0F6772A8C27900
                                                                                    SHA1:60854185F6338E1BFC7497FD41AA44C5C00D8F85
                                                                                    SHA-256:73170761D6776C0DEBACFBBC61B6988CB8270A20174BF5C049768A264BB8FFAF
                                                                                    SHA-512:7E3411BE8614170AE91DB1626C452997DC6DB663D79130872A124AF982EE1D457CEFBA00ABD7F5269ADCE3052403BE31238AECC3934C7379D224CB792D519753
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Joe Sandbox View:
• Filename: , Detection: malicious
• Filename: SysrI6zSkJ.exe, Detection: malicious
• Filename: SysrI6zSkJ.exe, Detection: malicious
• Filename: , Detection: malicious
• Filename: , Detection: malicious
• Filename: Project.lnk, Detection: malicious
• Filename: LiveChat.exe, Detection: malicious
• Filename: LiveChat.exe, Detection: malicious
• Filename: AnyDesk.exe, Detection: malicious
                                                                                    Reputation:moderate, very likely benign file
                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                    Entropy (8bit):7.999484622672807
                                                                                    TrID:
                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                    File name:f_0002b5.exe
                                                                                    File size:5'328'200 bytes
                                                                                    MD5:aee6801792d67607f228be8cec8291f9
                                                                                    SHA1:bf6ba727ff14ca2fddf619f292d56db9d9088066
                                                                                    SHA256:1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
                                                                                    SHA512:09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f
                                                                                    SSDEEP:98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR
                                                                                    TLSH:5036333493648B79CCA3013002D5E6792B7EBC8A4DD789987D63E968F7DF6023F96211
                                                                                    Icon Hash:499669d8d82916a8
                                                                                    Entrypoint:0x401ce5
                                                                                    Entrypoint Section:.text
                                                                                    Digitally signed:true
                                                                                    Imagebase:0x400000
                                                                                    Subsystem:windows gui
                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                    Time Stamp:0x662900C3 [Wed Apr 24 12:53:23 2024 UTC]
                                                                                    TLS Callbacks:
                                                                                    CLR (.Net) Version:
                                                                                    OS Version Major:5
                                                                                    OS Version Minor:1
                                                                                    File Version Major:5
                                                                                    File Version Minor:1
                                                                                    Subsystem Version Major:5
                                                                                    Subsystem Version Minor:1
                                                                                    Import Hash:
                                                                                    Signature Valid:true
                                                                                    Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                    Signature Validation Error:The operation completed successfully
                                                                                    Error Number:0
                                                                                    Not Before, Not After
                                                                                    • 2/11/2024 4:00:00 PM 2/12/2025 3:59:59 PM
                                                                                    Subject Chain
• CN=AnyDesk Software GmbH, O=AnyDesk Software GmbH, L=Stuttgart, S=Baden-Württemberg, C=DE
                                                                                    Version:3
                                                                                    Thumbprint MD5:E4E34304F4315A15A0BC0E413363721E
                                                                                    Thumbprint SHA-1:CA38CF219C8E9782A8CBBD76643D24E4F2D74B03
                                                                                    Thumbprint SHA-256:AF74DC88EF91477F8A93E5DA98B3C80ECD6CB6A10271DC6DC768EC3F34239BC0
                                                                                    Serial:030E330A8ED28347BDA3BB478E410D7C
                                                                                    Instruction
                                                                                    push ebp
                                                                                    mov ebp, esp
                                                                                    sub esp, 64h
                                                                                    push esi
                                                                                    lea ecx, dword ptr [ebp-64h]
                                                                                    call 00007FAD816A42B3h
                                                                                    lea eax, dword ptr [ebp-64h]
                                                                                    mov ecx, eax
                                                                                    mov dword ptr [01B42AE0h], eax
                                                                                    call 00007FAD816A4171h
                                                                                    test al, al
                                                                                    jne 00007FAD816A48D4h
                                                                                    mov esi, 000003E8h
                                                                                    lea ecx, dword ptr [ebp-64h]
                                                                                    call 00007FAD816A415Fh
                                                                                    mov eax, esi
                                                                                    pop esi
                                                                                    leave
                                                                                    ret
                                                                                    lea eax, dword ptr [ebp-64h]
                                                                                    push eax
                                                                                    lea ecx, dword ptr [ebp-30h]
                                                                                    call 00007FAD816A3F93h
                                                                                    lea eax, dword ptr [ebp-30h]
                                                                                    mov ecx, eax
                                                                                    mov dword ptr [01B42AE4h], eax
                                                                                    call 00007FAD816A3F2Bh
                                                                                    test al, al
                                                                                    jne 00007FAD816A48D1h
                                                                                    lea ecx, dword ptr [ebp-30h]
                                                                                    call 00007FAD816A3F10h
                                                                                    mov esi, 000003E9h
                                                                                    jmp 00007FAD816A4887h
                                                                                    cmp dword ptr [ebp-10h], 00000000h
                                                                                    je 00007FAD816A48CAh
                                                                                    push 00000800h
                                                                                    call dword ptr [ebp-10h]
                                                                                    cmp dword ptr [ebp-0Ch], 00000000h
                                                                                    je 00007FAD816A48CAh
                                                                                    push 00008001h
                                                                                    call dword ptr [ebp-0Ch]
                                                                                    lea eax, dword ptr [ebp-64h]
                                                                                    push eax
                                                                                    lea esi, dword ptr [ebp-30h]
                                                                                    call 00007FAD816A4815h
                                                                                    pop ecx
                                                                                    mov esi, eax
                                                                                    push esi
                                                                                    call dword ptr [ebp-20h]
                                                                                    lea ecx, dword ptr [ebp-30h]
                                                                                    call 00007FAD816A3ED2h
                                                                                    jmp 00007FAD816A484Eh
                                                                                    mov edx, dword ptr [esp+04h]
                                                                                    push ebx
                                                                                    mov ebx, dword ptr [esp+10h]
                                                                                    push esi
                                                                                    xor esi, esi
                                                                                    test ebx, ebx
                                                                                    je 00007FAD816A48F1h
                                                                                    push edi
                                                                                    mov edi, dword ptr [esp+14h]
                                                                                    sub edi, 01B42AE8h
                                                                                    imul edx, edx, 0019660Dh
                                                                                    add edx, 3C6EF35Fh
                                                                                    mov eax, edx
                                                                                    shr eax, 0Ch
                                                                                    Programming Language:
                                                                                    • [C++] VS2010 build 30319
                                                                                    • [ C ] VS2010 build 30319
                                                                                    • [RES] VS2010 SP1 build 40219
                                                                                    • [LNK] VS2010 build 30319
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1743000 | 0x4850 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x50fc00 | 0x5148 | .itext
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1748000 | 0x8c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x123a000 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2877 | 0x2a00 | 6de7d38e79590f5072b2fa25c8a461db | False | 0.6000744047619048 | data | 6.559086341196753 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext | 0x4000 | 0x1235800 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x123a000 | 0x2fa | 0x400 | bf5eee8accfc7d0f37b5d97724325e98 | False | 0.7275390625 | Matlab v4 mat-file (little endian) \234\242#\001\2340, numeric, rows 1713963203, columns 0, imaginary | 5.663602401873528 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x123b000 | 0x507eec | 0x507c00 | da9e83e5e1d5baf1ccdace3aa4312eee | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x1743000 | 0x4850 | 0x4a00 | e02f811023480bcb805c46d630c69e50 | False | 0.5122994087837838 | data | 6.017396108357361 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x1748000 | 0x300 | 0x400 | dff545c0291c6bb280bbfb0224bbecb4 | False | 0.15234375 | data | 1.2203722656529061 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x1743280 | 0x1b8e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9167848029486816
RT_ICON | 0x1744e10 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | English | United States | 0.299390243902439
RT_ICON | 0x1745478 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | United States | 0.478494623655914
RT_ICON | 0x1745760 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 0 | English | United States | 0.48155737704918034
RT_ICON | 0x1745948 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | United States | 0.597972972972973
RT_ICON | 0x1745ac0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.09404315196998124
RT_ICON | 0x1746b68 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.2047872340425532
RT_GROUP_ICON | 0x1745a70 | 0x4c | data | English | United States | 0.8026315789473685
RT_GROUP_ICON | 0x1746fd0 | 0x22 | data | English | United States | 1.0588235294117647
RT_VERSION | 0x1746ff8 | 0x250 | data | English | United States | 0.4814189189189189
RT_MANIFEST | 0x1747248 | 0x606 | XML 1.0 document, ASCII text | English | United States | 0.45265888456549935
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                    May 22, 2024 17:26:46.302273989 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:46.302300930 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:46.302356005 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:46.309417009 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:46.315373898 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:46.499437094 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:46.500597000 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:46.555116892 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:46.603689909 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:46.686254978 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:46.686302900 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:46.688783884 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:46.700714111 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:46.789242029 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:46.789807081 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:46.796015978 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:46.886686087 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:46.887131929 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:46.921500921 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.014730930 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.015055895 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.015108109 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.015906096 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.015923977 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.016103983 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.016122103 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.016369104 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.016413927 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.016995907 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.017364025 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.017513037 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.017893076 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.018316031 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.018361092 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.019136906 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.019154072 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.019191980 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.019610882 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.020203114 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.020256042 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.020446062 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.105333090 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.105348110 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.105359077 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.105386019 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.105444908 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.106257915 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.106271029 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.106281996 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.106337070 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.107409000 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.107423067 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.107485056 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.107570887 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.107664108 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.108340979 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.108355045 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.108437061 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.108508110 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.108520985 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.108534098 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.108582973 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.109365940 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.109380960 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.109394073 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.109407902 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.109474897 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.109474897 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.110235929 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.110250950 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.110300064 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.111212015 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.111928940 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.111943007 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.111953974 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.111991882 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.111991882 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.116238117 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.116430044 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.116467953 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.117603064 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.122500896 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.190825939 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.190926075 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.190941095 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.190956116 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.190968037 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.191000938 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.191546917 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.191586018 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.191792965 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.191807032 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.191967010 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.192157984 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.192172050 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.192186117 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.192208052 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.192846060 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.192857981 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.192869902 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.192905903 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.192905903 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.193550110 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.193563938 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.193588972 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.194506884 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.196738958 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.196752071 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.196764946 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.196775913 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.196789026 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.196794033 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.196829081 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.197051048 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.197129011 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.197141886 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.197258949 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.197282076 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.197341919 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.198185921 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.198223114 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.198246002 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.198250055 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.198265076 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.198276997 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.198291063 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.198312998 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.198312998 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.199809074 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.199825048 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.199858904 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.199994087 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.200009108 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.200030088 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.200257063 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.200293064 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.200475931 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.200666904 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.200754881 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.200885057 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.200886965 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.200967073 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.201298952 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.201311111 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.201323032 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.201380968 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.201683998 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.201720953 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.202011108 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.208020926 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.213383913 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.278434992 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.278451920 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.278462887 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.278506994 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.278784037 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.278835058 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.279180050 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.279227018 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.279239893 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.279253006 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.279264927 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.279270887 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.279325962 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.279587984 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.279602051 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.279613018 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.279627085 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.279638052 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.279639006 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.279721022 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.280236006 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.280251026 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.280262947 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.280276060 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.280282974 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.280385017 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.281395912 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.281415939 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.281428099 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.281459093 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.281665087 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.461622953 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.461633921 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.461668968 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.461668968 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.461705923 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.461728096 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.461750031 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.461761951 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.461772919 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.461786985 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.461797953 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.461807013 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.461807013 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.461811066 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.461823940 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.461836100 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.461848021 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.462146044 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.462146997 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.462146997 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.463469028 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.463488102 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.463500023 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.463512897 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.463538885 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.463542938 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.463553905 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.463567019 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.463577986 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.463587999 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.463589907 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.463602066 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.463618994 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.463618994 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.463773012 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.463785887 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.463798046 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.463804007 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.463814020 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.463824987 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.463835955 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.463845968 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.463845968 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.463846922 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.463860989 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.463872910 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.463891983 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.463891983 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.463944912 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.464447021 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.464459896 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.464471102 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.464483976 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.464498043 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.464509964 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.464521885 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.464525938 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.464525938 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.464603901 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.464603901 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.465259075 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.465272903 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.465285063 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.465296984 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.465307951 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.465316057 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.465321064 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.465333939 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.465346098 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.465358019 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.465369940 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.465370893 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.465436935 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.465980053 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.465996027 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.466006994 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.466020107 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.466032028 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.466043949 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.466063023 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.466063023 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.466212988 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.466559887 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.466607094 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.466620922 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.466626883 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.466631889 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.466636896 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.466643095 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.466646910 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.466716051 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.466768026 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.567933083 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:47.589011908 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.693557024 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:26:47.770180941 CEST4916780192.168.2.2218.245.86.79
                                                                                    May 22, 2024 17:26:47.783323050 CEST804916718.245.86.79192.168.2.22
                                                                                    May 22, 2024 17:26:47.783395052 CEST4916780192.168.2.2218.245.86.79
                                                                                    May 22, 2024 17:26:47.783730984 CEST4916780192.168.2.2218.245.86.79
                                                                                    May 22, 2024 17:26:47.793287039 CEST804916718.245.86.79192.168.2.22
                                                                                    May 22, 2024 17:26:47.893347979 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:48.562555075 CEST804916718.245.86.79192.168.2.22
                                                                                    May 22, 2024 17:26:48.769107103 CEST804916718.245.86.79192.168.2.22
                                                                                    May 22, 2024 17:26:48.772216082 CEST4916780192.168.2.2218.245.86.79
                                                                                    May 22, 2024 17:26:48.930365086 CEST4916780192.168.2.2218.245.86.79
                                                                                    May 22, 2024 17:26:48.950856924 CEST804916718.245.86.79192.168.2.22
                                                                                    May 22, 2024 17:26:48.953192949 CEST4916780192.168.2.2218.245.86.79
                                                                                    May 22, 2024 17:26:57.705609083 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:26:57.716576099 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:27:07.720858097 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:27:07.741800070 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:27:17.751697063 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:27:17.779895067 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:27:27.798060894 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:27:27.823694944 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:27:37.829016924 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:27:37.840682030 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:27:47.859896898 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:27:47.868009090 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:27:57.875130892 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:27:57.886524916 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:28:07.890139103 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:28:07.895831108 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:28:17.905432940 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:28:18.126914024 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:28:28.140117884 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:28:28.187841892 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:28:38.185412884 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:28:38.200197935 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:28:48.200656891 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:28:48.226460934 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:28:58.232131004 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:28:58.257384062 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:29:08.262291908 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:29:08.267584085 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:29:18.277473927 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:29:18.472532988 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:29:28.479907036 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:29:28.490921021 CEST804916689.187.179.162192.168.2.22
                                                                                    May 22, 2024 17:29:38.495100975 CEST4916680192.168.2.2289.187.179.162
                                                                                    May 22, 2024 17:29:38.500325918 CEST804916689.187.179.162192.168.2.22

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| May 22, 2024 17:26:38.594017982 CEST | 54821 | 53 | 192.168.2.22 | 8.8.8.8 |
| May 22, 2024 17:26:38.643033028 CEST | 53 | 54821 | 8.8.8.8 | 192.168.2.22 |
| May 22, 2024 17:26:39.663373947 CEST | 54719 | 53 | 192.168.2.22 | 8.8.8.8 |
| May 22, 2024 17:26:39.690114021 CEST | 53 | 54719 | 8.8.8.8 | 192.168.2.22 |
| May 22, 2024 17:26:44.069015026 CEST | 49881 | 53 | 192.168.2.22 | 8.8.8.8 |
| May 22, 2024 17:26:44.077905893 CEST | 53 | 49881 | 8.8.8.8 | 192.168.2.22 |
| May 22, 2024 17:26:44.623846054 CEST | 54998 | 53 | 192.168.2.22 | 8.8.8.8 |
| May 22, 2024 17:26:44.632281065 CEST | 53 | 54998 | 8.8.8.8 | 192.168.2.22 |
| May 22, 2024 17:26:47.746802092 CEST | 52781 | 53 | 192.168.2.22 | 8.8.8.8 |
| May 22, 2024 17:26:47.768085003 CEST | 53 | 52781 | 8.8.8.8 | 192.168.2.22 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| May 22, 2024 17:26:38.594017982 CEST | 192.168.2.22 | 8.8.8.8 | 0xc07c | Standard query (0) | boot.net.anydesk.com | A (IP address) | IN (0x0001) | false |
| May 22, 2024 17:26:39.663373947 CEST | 192.168.2.22 | 8.8.8.8 | 0x9185 | Standard query (0) | boot.net.anydesk.com | A (IP address) | IN (0x0001) | false |
| May 22, 2024 17:26:44.069015026 CEST | 192.168.2.22 | 8.8.8.8 | 0x3d6b | Standard query (0) | relay-7360779b.net.anydesk.com | A (IP address) | IN (0x0001) | false |
| May 22, 2024 17:26:44.623846054 CEST | 192.168.2.22 | 8.8.8.8 | 0xe4c4 | Standard query (0) | relay-7360779b.net.anydesk.com | A (IP address) | IN (0x0001) | false |
| May 22, 2024 17:26:47.746802092 CEST | 192.168.2.22 | 8.8.8.8 | 0x4ad2 | Standard query (0) | api.playanext.com | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| May 22, 2024 17:26:38.643033028 CEST | 8.8.8.8 | 192.168.2.22 | 0xc07c | No error (0) | boot.net.anydesk.com | | 57.128.101.74 | A (IP address) | IN (0x0001) | false |
| May 22, 2024 17:26:39.690114021 CEST | 8.8.8.8 | 192.168.2.22 | 0x9185 | No error (0) | boot.net.anydesk.com | | 185.229.191.39 | A (IP address) | IN (0x0001) | false |
| May 22, 2024 17:26:44.077905893 CEST | 8.8.8.8 | 192.168.2.22 | 0x3d6b | No error (0) | relay-7360779b.net.anydesk.com | | 89.187.179.162 | A (IP address) | IN (0x0001) | false |
| May 22, 2024 17:26:44.632281065 CEST | 8.8.8.8 | 192.168.2.22 | 0xe4c4 | No error (0) | relay-7360779b.net.anydesk.com | | 89.187.179.162 | A (IP address) | IN (0x0001) | false |
| May 22, 2024 17:26:47.768085003 CEST | 8.8.8.8 | 192.168.2.22 | 0x4ad2 | No error (0) | api.playanext.com | d1atxff5avezsq.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false |
| May 22, 2024 17:26:47.768085003 CEST | 8.8.8.8 | 192.168.2.22 | 0x4ad2 | No error (0) | d1atxff5avezsq.cloudfront.net | | 18.245.86.84 | A (IP address) | IN (0x0001) | false |
| May 22, 2024 17:26:47.768085003 CEST | 8.8.8.8 | 192.168.2.22 | 0x4ad2 | No error (0) | d1atxff5avezsq.cloudfront.net | | 18.245.86.105 | A (IP address) | IN (0x0001) | false |
| May 22, 2024 17:26:47.768085003 CEST | 8.8.8.8 | 192.168.2.22 | 0x4ad2 | No error (0) | d1atxff5avezsq.cloudfront.net | | 18.245.86.26 | A (IP address) | IN (0x0001) | false |
| May 22, 2024 17:26:47.768085003 CEST | 8.8.8.8 | 192.168.2.22 | 0x4ad2 | No error (0) | d1atxff5avezsq.cloudfront.net | | 18.245.86.79 | A (IP address) | IN (0x0001) | false |
| May 22, 2024 17:26:49.114926100 CEST | 8.8.8.8 | 192.168.2.22 | 0xd78c | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
| May 22, 2024 17:26:49.114926100 CEST | 8.8.8.8 | 192.168.2.22 | 0xd78c | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |

                                                                                    • api.playanext.comuser-agent: anydesk

| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.22 | 49164 | 185.229.191.39 | 80 | 1424 | C:\Users\user\Desktop\f_0002b5.exe |


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.22 | 49166 | 89.187.179.162 | 80 | 1424 | C:\Users\user\Desktop\f_0002b5.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.22 | 49167 | 18.245.86.79 | 80 | 1424 | C:\Users\user\Desktop\f_0002b5.exe

Timestamp | Bytes transferred | Direction | Data
May 22, 2024 17:26:47.783730984 CEST | 509 | OUT | POST /httpapi HTTP/1.1
Host: api.playanext.com
User-Agent: AnyDesk/8.0.10
Accept: */*
Content-Length: 354
Content-Type: application/x-www-form-urlencoded

api_key=c1426bd258099fa69f62933b466d4b77&event=[{"event_type":"check_offer","user_id":"ce78ba6006c8d8502433d93ee0a50185","session_id":1716391606585606,"ip":"$remote","event_properties":{"method_used":"Google Chrome Criteria Checker","offer_product":"Google Chrome","distributor":"AnyDesk","distributor_product":"AnyDesk","user_country":"United States"}}

May 22, 2024 17:26:48.562555075 CEST | 620 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 0
Connection: keep-alive
Date: Wed, 22 May 2024 15:26:48 GMT
X-Amzn-Trace-Id: Root=1-664e0eb8-67c448a360eca81e003b707f;Parent=5f6c59a511646e45;Sampled=0;lineage=d7502c8f:0
x-amzn-RequestId: 2349cdee-f491-4317-b6d4-95718c572094
x-amz-apigw-id: YLc82EWeIAMEPLw=
Via: 1.1 e94c77a12a65a84cbcef7856ed7e0fb8.cloudfront.net (CloudFront), 1.1 b2340053ff948864db4d5e3c0ab3f3ea.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P3
X-Cache: Miss from cloudfront
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Cf-Id: U6s_XqGehlEvhc-glwO5D7PufUTruvKrvOM8ulLQ8xvbDusDg0I_4g==

May 22, 2024 17:26:48.769107103 CEST | 620 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 0
Connection: keep-alive
Date: Wed, 22 May 2024 15:26:48 GMT
X-Amzn-Trace-Id: Root=1-664e0eb8-67c448a360eca81e003b707f;Parent=5f6c59a511646e45;Sampled=0;lineage=d7502c8f:0
x-amzn-RequestId: 2349cdee-f491-4317-b6d4-95718c572094
x-amz-apigw-id: YLc82EWeIAMEPLw=
Via: 1.1 e94c77a12a65a84cbcef7856ed7e0fb8.cloudfront.net (CloudFront), 1.1 b2340053ff948864db4d5e3c0ab3f3ea.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P3
X-Cache: Miss from cloudfront
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Cf-Id: U6s_XqGehlEvhc-glwO5D7PufUTruvKrvOM8ulLQ8xvbDusDg0I_4g==


                                                                                    Target ID:0
                                                                                    Start time:11:26:32
                                                                                    Start date:22/05/2024
                                                                                    Path:C:\Users\user\Desktop\f_0002b5.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\Desktop\f_0002b5.exe"
                                                                                    Imagebase:0x13a0000
                                                                                    File size:5'328'200 bytes
                                                                                    MD5 hash:AEE6801792D67607F228BE8CEC8291F9
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:low
                                                                                    Has exited:false

                                                                                    Target ID:2
                                                                                    Start time:11:26:33
                                                                                    Start date:22/05/2024
                                                                                    Path:C:\Users\user\Desktop\f_0002b5.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\Desktop\f_0002b5.exe" --local-service
                                                                                    Imagebase:0x13a0000
                                                                                    File size:5'328'200 bytes
                                                                                    MD5 hash:AEE6801792D67607F228BE8CEC8291F9
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:low
                                                                                    Has exited:false

                                                                                    Target ID:3
                                                                                    Start time:11:26:33
                                                                                    Start date:22/05/2024
                                                                                    Path:C:\Users\user\Desktop\f_0002b5.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\Desktop\f_0002b5.exe" --local-control
                                                                                    Imagebase:0xff930000
                                                                                    File size:5'328'200 bytes
                                                                                    MD5 hash:AEE6801792D67607F228BE8CEC8291F9
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:low
                                                                                    Has exited:false

                                                                                      Execution Graph

                                                                                      Execution Coverage:1.6%
                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                      Signature Coverage:3.1%
                                                                                      Total number of Nodes:613
                                                                                      Total number of Limit Nodes:32
34201->34206 34203 693c5e47 34202->34203 34225 693ccba5 20 API calls _free 34203->34225 34207 693c5e5f 34206->34207 34226 693cf25d 11 API calls 2 library calls 34206->34226 34207->34177 34208->34190 34209->34189 34211 693c5fa8 _abort ___scrt_fastfail 34210->34211 34212 693c5fd4 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 34211->34212 34213 693c60a5 _abort 34212->34213 34227 693c0c5d 34213->34227 34215 693c60c3 34215->34193 34216->34197 34223 693cb900 __Getctype 34217->34223 34218 693cb940 34236 693cabdd 20 API calls _abort 34218->34236 34219 693cb92b RtlAllocateHeap 34220 693c5e21 34219->34220 34219->34223 34224 693ccba5 20 API calls _free 34220->34224 34223->34218 34223->34219 34235 693cb48e 7 API calls 2 library calls 34223->34235 34224->34201 34225->34206 34226->34206 34228 693c0c68 IsProcessorFeaturePresent 34227->34228 34229 693c0c66 34227->34229 34231 693c0fff 34228->34231 34229->34215 34234 693c0fc3 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 34231->34234 34233 693c10e2 34233->34215 34234->34233 34235->34223 34236->34220 34851 693b1cb0 99 API calls 2 library calls 34997 693e1eb5 98 API calls 3 library calls 34999 693d56b0 21 API calls 34406 693d74ac 34407 693d74b5 34406->34407 34408 693d74eb 34406->34408 34412 693cfc34 34407->34412 34413 693cfc3f 34412->34413 34414 693cfc45 34412->34414 34448 693cf0af 11 API calls 2 library calls 34413->34448 34416 693cb8f3 __Getctype 20 API calls 34414->34416 34418 693cfc94 34414->34418 34417 693cfc57 34416->34417 34419 693cfc5f 34417->34419 34450 693cf105 11 API calls 2 library calls 34417->34450 34430 693d730c 34418->34430 34449 693ccba5 20 API calls _free 34419->34449 34422 693cfc74 34422->34419 34423 693cfc7b 34422->34423 34451 693cf9f6 20 API calls _abort 34423->34451 34425 693cfc86 34452 693ccba5 20 API calls _free 34425->34452 34428 693cfc9d 34429 693cfc65 34429->34418 34453 693c5db7 36 API calls 3 library calls 34429->34453 34454 693d7419 
34430->34454 34432 693d7321 34461 693d70a0 34432->34461 34435 693d733a 34435->34408 34436 693cc844 __fread_nolock 21 API calls 34437 693d734b 34436->34437 34438 693d737d 34437->34438 34468 693d750d 34437->34468 34479 693ccba5 20 API calls _free 34438->34479 34442 693d7378 34478 693cabdd 20 API calls _abort 34442->34478 34444 693d73c1 34444->34438 34481 693d6fb7 20 API calls 34444->34481 34445 693d7395 34445->34444 34480 693ccba5 20 API calls _free 34445->34480 34448->34414 34449->34429 34450->34422 34451->34425 34452->34429 34453->34428 34456 693d7425 CallCatchBlock 34454->34456 34457 693d74a4 CallCatchBlock 34456->34457 34482 693c5db7 36 API calls 3 library calls 34456->34482 34483 693cb688 EnterCriticalSection 34456->34483 34484 693ccba5 20 API calls _free 34456->34484 34485 693d749b LeaveCriticalSection std::_Lockit::~_Lockit 34456->34485 34457->34432 34486 693c7326 34461->34486 34464 693d70c1 GetOEMCP 34467 693d70ea 34464->34467 34465 693d70d3 34466 693d70d8 GetACP 34465->34466 34465->34467 34466->34467 34467->34435 34467->34436 34469 693d70a0 38 API calls 34468->34469 34470 693d752c 34469->34470 34473 693d757d IsValidCodePage 34470->34473 34475 693d7533 34470->34475 34477 693d75a2 ___scrt_fastfail 34470->34477 34471 693c0c5d _ValidateLocalCookies 5 API calls 34472 693d7370 34471->34472 34472->34442 34472->34445 34474 693d758f GetCPInfo 34473->34474 34473->34475 34474->34475 34474->34477 34475->34471 34497 693d7178 GetCPInfo 34477->34497 34478->34438 34479->34435 34480->34444 34481->34438 34482->34456 34483->34456 34484->34456 34485->34456 34487 693c7343 34486->34487 34493 693c7339 34486->34493 34487->34493 34494 693cfbb0 36 API calls 3 library calls 34487->34494 34489 693c7364 34495 693d0c53 36 API calls __Getctype 34489->34495 34491 693c737d 34496 693d0c80 36 API calls __cftoe 34491->34496 34493->34464 34493->34465 34494->34489 34495->34491 34496->34493 34498 693d725c 34497->34498 34504 693d71b2 34497->34504 34501 693c0c5d _ValidateLocalCookies 5 API calls 
34498->34501 34503 693d7308 34501->34503 34503->34475 34507 693d4be8 34504->34507 34506 693d4f22 41 API calls 34506->34498 34508 693c7326 __cftoe 36 API calls 34507->34508 34509 693d4c08 MultiByteToWideChar 34508->34509 34511 693d4cde 34509->34511 34512 693d4c46 34509->34512 34513 693c0c5d _ValidateLocalCookies 5 API calls 34511->34513 34514 693cc844 __fread_nolock 21 API calls 34512->34514 34518 693d4c67 __DllMainCRTStartup@12 ___scrt_fastfail 34512->34518 34515 693d4d01 34513->34515 34514->34518 34521 693d4f22 34515->34521 34516 693d4cd8 34526 693c0399 20 API calls _free 34516->34526 34518->34516 34519 693d4cac MultiByteToWideChar 34518->34519 34519->34516 34520 693d4cc8 GetStringTypeW 34519->34520 34520->34516 34522 693c7326 __cftoe 36 API calls 34521->34522 34523 693d4f35 34522->34523 34527 693d4d05 34523->34527 34526->34511 34528 693d4d20 34527->34528 34529 693d4d46 MultiByteToWideChar 34528->34529 34530 693d4efa 34529->34530 34531 693d4d70 34529->34531 34532 693c0c5d _ValidateLocalCookies 5 API calls 34530->34532 34535 693cc844 __fread_nolock 21 API calls 34531->34535 34536 693d4d91 __DllMainCRTStartup@12 34531->34536 34533 693d4f0d 34532->34533 34533->34506 34534 693d4dda MultiByteToWideChar 34537 693d4df3 34534->34537 34549 693d4e46 34534->34549 34535->34536 34536->34534 34536->34549 34554 693cf364 34537->34554 34541 693d4e55 34543 693cc844 __fread_nolock 21 API calls 34541->34543 34547 693d4e76 __DllMainCRTStartup@12 34541->34547 34542 693d4e1d 34545 693cf364 11 API calls 34542->34545 34542->34549 34543->34547 34544 693d4eeb 34562 693c0399 20 API calls _free 34544->34562 34545->34549 34547->34544 34548 693cf364 11 API calls 34547->34548 34550 693d4eca 34548->34550 34563 693c0399 20 API calls _free 34549->34563 34550->34544 34551 693d4ed9 WideCharToMultiByte 34550->34551 34551->34544 34552 693d4f19 34551->34552 34564 693c0399 20 API calls _free 34552->34564 34555 693cedeb 5 API calls 34554->34555 34556 693cf37a 34555->34556 34559 693cf380 34556->34559 34565 
693cf3d8 10 API calls _ValidateLocalCookies 34556->34565 34558 693cf3c0 LCMapStringW 34558->34559 34560 693c0c5d _ValidateLocalCookies 5 API calls 34559->34560 34561 693cf3d2 34560->34561 34561->34541 34561->34542 34561->34549 34562->34549 34563->34530 34564->34549 34565->34558 34852 693c2cad 36 API calls 2 library calls 35001 693bfaaa 22 API calls std::exception::exception 34854 693c50a9 GetModuleFileNameW GetLastError 34857 693b2ca1 22 API calls new 34858 693bd8a0 40 API calls 34859 693be0a0 EnterCriticalSection __fread_nolock 35002 693bcaa0 32 API calls 2 library calls 35003 693b72a0 9 API calls new 34072 693a129a 34073 693a12ad 34072->34073 34076 693c0fae 34073->34076 34079 693c0f73 34076->34079 34080 693c0f97 34079->34080 34081 693c0f90 34079->34081 34086 693cdcc1 23 API calls __onexit 34080->34086 34085 693cdc51 23 API calls __onexit 34081->34085 34084 693a12b7 34085->34084 34086->34084 35005 693d569c IsProcessorFeaturePresent 34864 693be090 LeaveCriticalSection __fread_nolock 34865 693e0495 132 API calls 3 library calls 34871 693c5c80 RtlUnwind 35012 693e02ff 51 API calls 3 library calls 35013 693df056 31 API calls 2 library calls 35012->35013 35015 693a12f8 std::_Init_wcerr::_Init_wcerr 35016 693d76fe GetCommandLineA GetCommandLineW 34873 693d50f9 27 API calls 3 library calls 34874 693c00f9 DecodePointer 35018 693b86f0 82 API calls 2 library calls 35019 693be6f0 111 API calls 3 library calls 35020 693e02f0 LaunchGoogleChromeWithDimensions 34877 693a1cea 29 API calls 34878 693e20ec 194 API calls 3 library calls 34879 693a34e0 11 API calls 2 library calls 34880 693bd8e0 64 API calls __DllMainCRTStartup@12 35022 693e4adc 105 API calls 5 library calls 35023 693d6ade 27 API calls 4 library calls 34884 693db0d9 42 API calls 2 library calls 34885 693e24d8 147 API calls 3 library calls 35025 693dfeda 42 API calls 2 library calls 34887 693dfcd5 116 API calls 2 library calls 35028 693c5ed2 69 API calls _free 34890 693e74c6 HeapFree DeleteCriticalSection 
___std_exception_copy

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • RegCreateKeyExW.KERNEL32(80000002,Software\Google\GCAPITemp,00000000,00000000,00000000,0002021F,00000000,?,?), ref: 693DF7CB
                                                                                      • lstrlenW.KERNEL32(?,?,00000000,00000000), ref: 693DF7D9
                                                                                      • RegSetValueExW.KERNEL32 ref: 693DF7EB
                                                                                      • RegDeleteValueW.KERNEL32 ref: 693DF7FE
                                                                                      • RegCloseKey.ADVAPI32(?), ref: 693DF807
                                                                                      • RegDeleteKeyW.ADVAPI32(80000002,Software\Google\GCAPITemp), ref: 693DF815
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: DeleteValue$CloseCreatelstrlen
                                                                                      • String ID: Software\Google\GCAPITemp$test
                                                                                      • API String ID: 495649648-3707622476
                                                                                      • Opcode ID: a2030d37448d23bdb81541fece0e614d579073e260c79825baefa1737a35672b
                                                                                      • Instruction ID: 1636659cfc8c7012cd49f00537ddc2cd4b5e0af84dfb08e6a676e198d3566799
                                                                                      • Opcode Fuzzy Hash: a2030d37448d23bdb81541fece0e614d579073e260c79825baefa1737a35672b
                                                                                      • Instruction Fuzzy Hash: D81134B690021EABDB10DE948D89DBFBBBDFB06355B50002AF514E2100D6315E099BA1

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,693C87AF,693C87AF,?,?,?,693D4F56,00000001,00000001,FCE85006), ref: 693D4D5F
                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,693D4F56,00000001,00000001,FCE85006,?,?,?), ref: 693D4DE5
                                                                                      • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,FCE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 693D4EDF
                                                                                      • __freea.LIBCMT ref: 693D4EEC
                                                                                        • Part of subcall function 693CC844: HeapAlloc.KERNEL32(00000000,0000010C,00000004,?,693CC8A7,?,00000000,?,693D7B70,0000010C,00000004,?,0000010C,?,?,693CDB9D), ref: 693CC876
                                                                                      • __freea.LIBCMT ref: 693D4EF5
                                                                                      • __freea.LIBCMT ref: 693D4F1A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ByteCharMultiWide__freea$AllocHeap
                                                                                      • String ID:
                                                                                      • API String ID: 3147120248-0
                                                                                      • Opcode ID: 80358aeda4590459bc5ff587a040dd54fe757f9d356344cef6e87fc14800e9d5
                                                                                      • Instruction ID: d93f6214efa150cdee10aa6b36cba8089a34ef17576e148a45e53c0879797a3b
                                                                                      • Opcode Fuzzy Hash: 80358aeda4590459bc5ff587a040dd54fe757f9d356344cef6e87fc14800e9d5
                                                                                      • Instruction Fuzzy Hash: 9351DE73700616AFEF15CF64CC69EAB77A9FB40794F118629E914E7180EB36DC48C6A0

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: dllmain_crt_dispatchdllmain_raw
                                                                                      • String ID:
                                                                                      • API String ID: 1382799047-0
                                                                                      • Opcode ID: 98b4006376a1d1132840f44f2a378b9841c166095c3c7ba2780bc7a7e4cd51ce
                                                                                      • Instruction ID: a185b5958b39a1bf829beaa25e21aa6bf111ec542dd6ea08098889bef90df4df
                                                                                      • Opcode Fuzzy Hash: 98b4006376a1d1132840f44f2a378b9841c166095c3c7ba2780bc7a7e4cd51ce
                                                                                      • Instruction Fuzzy Hash: BB2193F6D00F95EB8F21DE648E4096F3ABDBB45B58B019509F8552B211C736CD1097A2

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • __cftoe.LIBCMT ref: 693CB757
                                                                                      • _free.LIBCMT ref: 693CB77D
                                                                                      • _free.LIBCMT ref: 693CB84F
                                                                                      • _free.LIBCMT ref: 693CB882
                                                                                        • Part of subcall function 693CB8F3: RtlAllocateHeap.NTDLL(00000008,00000000,00000000,?,693CFCCF,00000001,00000364,?,?,693C6175,00000000,00000000,00000000,00000000,00000000,0000010C), ref: 693CB934
                                                                                      • _free.LIBCMT ref: 693CB8B8
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: _free$AllocateHeap__cftoe
                                                                                      • String ID:
                                                                                      • API String ID: 3093301996-0
                                                                                      • Opcode ID: b384c051c1e1b93ad4ef8698ab568073bdf277177e0dd87103a46c6282c451ec
                                                                                      • Instruction ID: 63d6f14a988c474863efefcc3e57c19266fb760c919c274eabdeae84e30c4c5d
                                                                                      • Opcode Fuzzy Hash: b384c051c1e1b93ad4ef8698ab568073bdf277177e0dd87103a46c6282c451ec
                                                                                      • Instruction Fuzzy Hash: 7851FB36900B45DBDB01CBA88D81F6E77F8BF49364F108219E925FA281DB36DD05C766

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,693CEE62,00000000,00000000,00000000,00000000,?,693CF12C,00000006,FlsSetValue), ref: 693CEEED
                                                                                      • GetLastError.KERNEL32(?,693CEE62,00000000,00000000,00000000,00000000,?,693CF12C,00000006,FlsSetValue,693EF920,693EF928,00000000,00000364,?,693CFCEC), ref: 693CEEF9
                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,693CEE62,00000000,00000000,00000000,00000000,?,693CF12C,00000006,FlsSetValue,693EF920,693EF928,00000000), ref: 693CEF07
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad$ErrorLast
                                                                                      • String ID:
                                                                                      • API String ID: 3177248105-0
                                                                                      • Opcode ID: 3c73f23e7ba7653fef2fe27709578c5406f102602f9b639849b27f1b6a2ea28a
                                                                                      • Instruction ID: c8408e5d48a6379595b02c7943d5a70d86561fbfcdb594b2b2fe73c07feb4704
                                                                                      • Opcode Fuzzy Hash: 3c73f23e7ba7653fef2fe27709578c5406f102602f9b639849b27f1b6a2ea28a
                                                                                      • Instruction Fuzzy Hash: E101D437655726DBCB314A789C46A6637ACEF067B17120620F925D3240C722EC01C6E1

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 189 693d750d-693d7531 call 693d70a0 192 693d7541-693d7548 189->192 193 693d7533-693d753c call 693d7113 189->193 195 693d754b-693d7551 192->195 200 693d76ee-693d76fd call 693c0c5d 193->200 197 693d7557-693d7563 195->197 198 693d7641-693d7660 call 693c20b0 195->198 197->195 201 693d7565-693d756b 197->201 206 693d7663-693d7668 198->206 204 693d7639-693d763c 201->204 205 693d7571-693d7577 201->205 209 693d76ed 204->209 205->204 208 693d757d-693d7589 IsValidCodePage 205->208 210 693d769f-693d76a9 206->210 211 693d766a-693d766f 206->211 208->204 212 693d758f-693d759c GetCPInfo 208->212 209->200 210->206 217 693d76ab-693d76d2 call 693d7062 210->217 213 693d769c 211->213 214 693d7671-693d7677 211->214 215 693d7626-693d762c 212->215 216 693d75a2-693d75c3 call 693c20b0 212->216 213->210 218 693d7690-693d7692 214->218 215->204 219 693d762e-693d7634 call 693d7113 215->219 229 693d75c5-693d75cc 216->229 230 693d7616 216->230 231 693d76d3-693d76e2 217->231 222 693d7679-693d767f 218->222 223 693d7694-693d769a 218->223 233 693d76ea-693d76eb 219->233 222->223 227 693d7681-693d768c 222->227 223->211 223->213 227->218 234 693d75ef-693d75f2 229->234 235 693d75ce-693d75d3 229->235 232 693d7619-693d7621 230->232 231->231 236 693d76e4-693d76e5 call 693d7178 231->236 232->236 233->209 238 693d75f7-693d75fe 234->238 235->234 239 693d75d5-693d75db 235->239 236->233 238->238 241 693d7600-693d7614 call 693d7062 238->241 240 693d75e3-693d75e5 239->240 242 693d75dd-693d75e2 240->242 243 693d75e7-693d75ed 240->243 241->232 242->240 243->234 243->235
                                                                                      APIs
                                                                                        • Part of subcall function 693D70A0: GetOEMCP.KERNEL32(00000000,693D7329,?,?,?), ref: 693D70CB
                                                                                      • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,693D7370,?,00000000,?,693FED20), ref: 693D7581
                                                                                      • GetCPInfo.KERNEL32(00000000,?,?,?,?,693D7370,?,00000000,?,693FED20), ref: 693D7594
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: CodeInfoPageValid
                                                                                      • String ID: ?i
                                                                                      • API String ID: 546120528-4174197972
                                                                                      • Opcode ID: 03695714a5f4ffd8c8fb60300e2917c6c394f6d185fe5dd7002b110673c090ab
                                                                                      • Instruction ID: c878b21ced4355a73439eee68a59f9a14ee9f90e379325ddd334236f5945c796
                                                                                      • Opcode Fuzzy Hash: 03695714a5f4ffd8c8fb60300e2917c6c394f6d185fe5dd7002b110673c090ab
                                                                                      • Instruction Fuzzy Hash: 455115F69043469FDB20CF79C4606AABBFAEF41304F04856ED4A7CB240E7369149CB91

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 246 693c56f8-693c5726 247 693c5728-693c572a 246->247 248 693c5791 246->248 249 693c572c-693c572e 247->249 250 693c5730-693c5736 247->250 251 693c5793-693c5797 248->251 249->251 252 693c5738-693c573a call 693c5798 250->252 253 693c5752 250->253 258 693c573f-693c5742 252->258 254 693c5754-693c5756 253->254 256 693c5758-693c5766 GetProcAddress 254->256 257 693c5781-693c578f 254->257 259 693c5768-693c5771 call 693c0c73 256->259 260 693c577b 256->260 257->248 261 693c5744-693c574a 258->261 262 693c5773-693c5779 258->262 259->249 260->257 261->252 263 693c574c 261->263 262->254 263->253
                                                                                      APIs
                                                                                      • try_get_module.LIBVCRUNTIME ref: 693C573A
                                                                                      • GetProcAddress.KERNEL32(00000000,00000001,00000001,00000000,?,?,693C5973,00000005,FlsFree,693ED74C,693ED754,00000000,?,693C567B,00000005,693C54C7), ref: 693C575C
                                                                                      • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 693C5769
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: AddressProc__crt_fast_encode_pointertry_get_module
                                                                                      • String ID:
                                                                                      • API String ID: 2417418378-0
                                                                                      • Opcode ID: ec253c8643d31dc3203f37f30bfbc614bc1939b93063654a27029f73ab2be6f8
                                                                                      • Instruction ID: 2342fb26643d2236c5285071ae34e64236a2fa838ade8098e91a0635543dcc23
                                                                                      • Opcode Fuzzy Hash: ec253c8643d31dc3203f37f30bfbc614bc1939b93063654a27029f73ab2be6f8
                                                                                      • Instruction Fuzzy Hash: 8811E737A08D25DB9F169E2CE88455A73A9AB463607428225EC34EB244D731DC8187E2

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 266 693a6bfb-693a6c01 267 693a6c03-693a6c16 266->267 268 693a6c36 call 693c5db7 266->268 270 693a6c3b-693a6c3f 267->270 271 693a6c18 267->271 268->270 272 693a6c1c-693a6c35 call 693bf854 call 693bf69b 270->272 271->272
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: std::_$Facet_LockitLockit::~_Register_abort
                                                                                      • String ID:
                                                                                      • API String ID: 1351560015-0
                                                                                      • Opcode ID: 863316e38f8b6cdd82b2e5955f454b0ae11d63be43f737de43c4f3528ee72c5c
                                                                                      • Instruction ID: 212860a4548ac22f7f9cd19f8fda7eaefb3fefab6cc03b0ff40f314d3ef5e838
                                                                                      • Opcode Fuzzy Hash: 863316e38f8b6cdd82b2e5955f454b0ae11d63be43f737de43c4f3528ee72c5c
                                                                                      • Instruction Fuzzy Hash: 08E0D87DA001148BC710DF9CA94056CF3A8EF683297145656E86DC7750EB379E0687C2

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 279 693d7178-693d71ac GetCPInfo 280 693d72a2-693d72af 279->280 281 693d71b2 279->281 283 693d72b5-693d72c5 280->283 282 693d71b4-693d71be 281->282 282->282 286 693d71c0-693d71d3 282->286 284 693d72c7-693d72cf 283->284 285 693d72d1-693d72d8 283->285 287 693d72e4-693d72e6 284->287 288 693d72e8 285->288 289 693d72da-693d72e1 285->289 290 693d71f4-693d71f6 286->290 291 693d72ea-693d72f9 287->291 288->291 289->287 292 693d71f8-693d722f call 693d4be8 call 693d4f22 290->292 293 693d71d5-693d71dc 290->293 291->283 295 693d72fb-693d730b call 693c0c5d 291->295 304 693d7234-693d725f call 693d4f22 292->304 296 693d71eb-693d71ed 293->296 299 693d71ef-693d71f2 296->299 300 693d71de-693d71e0 296->300 299->290 300->299 303 693d71e2-693d71ea 300->303 303->296 307 693d7261-693d726b 304->307 308 693d726d-693d7279 307->308 309 693d727b-693d727d 307->309 310 693d728b-693d7292 308->310 311 693d727f-693d7284 309->311 312 693d7294 309->312 313 693d729b-693d729e 310->313 311->310 312->313 313->307 314 693d72a0 313->314 314->295
                                                                                      APIs
                                                                                      • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 693D719D
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: Info
                                                                                      • String ID: ?i
                                                                                      • API String ID: 1807457897-4174197972
                                                                                      • Opcode ID: 038a0fc186006801d03dd128a453678fb2f6e06674c36ea0fdaf33aaa457d833
                                                                                      • Instruction ID: 490e39557cbc210a76c9b2f912150361c49ae56a53fa3460f73cdb39d9c73d5b
                                                                                      • Opcode Fuzzy Hash: 038a0fc186006801d03dd128a453678fb2f6e06674c36ea0fdaf33aaa457d833
                                                                                      • Instruction Fuzzy Hash: E4412CB25043889ADF21CF68CCA4BE6BBBDEB46304F1405EDE5DA87142D2359A49CF60

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 315 693cf003-693cf025 call 693cee1f 317 693cf02a-693cf031 315->317 318 693cf042 TlsAlloc 317->318 319 693cf033-693cf040 317->319 320 693cf048-693cf056 call 693c0c5d 318->320 319->320
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: Alloc
                                                                                      • String ID: FlsAlloc
                                                                                      • API String ID: 2773662609-671089009
                                                                                      • Opcode ID: 7bc62c372540cb4196dd927fd330e5221455f00be046395292fd440249f5e2f6
                                                                                      • Instruction ID: e7b66ee3379854807ae64732a62b193f4210ccbdd59d3b865afbf6d57478a395
                                                                                      • Opcode Fuzzy Hash: 7bc62c372540cb4196dd927fd330e5221455f00be046395292fd440249f5e2f6
                                                                                      • Instruction Fuzzy Hash: 82E02B35600A28F7CB21AB659C05E6DBFA9EF45720F414056FC299B200DF765F10E6D6

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 325 693d730c-693d7338 call 693d7419 call 693d70a0 330 693d733e-693d7353 call 693cc844 325->330 331 693d733a-693d733c 325->331 335 693d7355-693d736b call 693d750d 330->335 336 693d7383 330->336 332 693d7391-693d7394 331->332 340 693d7370-693d7376 335->340 338 693d7385-693d7390 call 693ccba5 336->338 338->332 342 693d7378-693d737d call 693cabdd 340->342 343 693d7395-693d7399 340->343 342->336 344 693d739b call 693d1acb 343->344 345 693d73a0-693d73ab 343->345 344->345 348 693d73ad-693d73b7 345->348 349 693d73c2-693d73dc 345->349 348->349 351 693d73b9-693d73c1 call 693ccba5 348->351 349->338 352 693d73de-693d73e5 349->352 351->349 352->338 354 693d73e7-693d7404 call 693d6fb7 352->354 354->338 358 693d740a-693d7414 354->358 358->338
                                                                                      APIs
                                                                                        • Part of subcall function 693D7419: _abort.LIBCMT ref: 693D7446
                                                                                        • Part of subcall function 693D7419: _free.LIBCMT ref: 693D7479
                                                                                        • Part of subcall function 693D70A0: GetOEMCP.KERNEL32(00000000,693D7329,?,?,?), ref: 693D70CB
                                                                                      • _free.LIBCMT ref: 693D7386
                                                                                      • _free.LIBCMT ref: 693D73BC
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: _free$_abort
                                                                                      • String ID:
                                                                                      • API String ID: 195396716-0
                                                                                      • Opcode ID: 51cdad6c4f9b329b468f9d93abd32da8c3c1b96fde232f926de793b16515e105
                                                                                      • Instruction ID: 67b4402d4383a5b5d697b8728ac0c7ec428526d47c92985b9253707c047eba7c
                                                                                      • Opcode Fuzzy Hash: 51cdad6c4f9b329b468f9d93abd32da8c3c1b96fde232f926de793b16515e105
                                                                                      • Instruction Fuzzy Hash: 6F31E1B6504349AFDB01CF68C891B8A7BF5FF41324F15806AFC659B290EB329D58CB90

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 359 693cee1f-693cee49 360 693cee4b-693cee4d 359->360 361 693ceeb4 359->361 362 693cee4f-693cee51 360->362 363 693cee53-693cee59 360->363 364 693ceeb6-693ceeba 361->364 362->364 365 693cee5b-693cee5d call 693ceebb 363->365 366 693cee75 363->366 371 693cee62-693cee65 365->371 368 693cee77-693cee79 366->368 369 693cee7b-693cee89 GetProcAddress 368->369 370 693ceea4-693ceeb2 368->370 372 693cee9e 369->372 373 693cee8b-693cee94 call 693c0c73 369->373 370->361 374 693cee96-693cee9c 371->374 375 693cee67-693cee6d 371->375 372->370 373->362 374->368 375->365 377 693cee6f 375->377 377->366
                                                                                      APIs
                                                                                      • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,693CF12C,00000006,FlsSetValue,693EF920,693EF928,00000000,00000364,?,693CFCEC,00000000), ref: 693CEE7F
                                                                                      • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 693CEE8C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: AddressProc__crt_fast_encode_pointer
                                                                                      • String ID:
                                                                                      • API String ID: 2279764990-0
                                                                                      • Opcode ID: 3a02abef26e6341d269b2f3c9bf88cfdf624790fcb90c7c5c2997220ff7eab7b
                                                                                      • Instruction ID: 7367697cc10ec61822db4502f9365883eaae150c57e8c15364ce8aa084337f11
                                                                                      • Opcode Fuzzy Hash: 3a02abef26e6341d269b2f3c9bf88cfdf624790fcb90c7c5c2997220ff7eab7b
                                                                                      • Instruction Fuzzy Hash: C611A737A01F66DB9F319D3DD8469AB77A9AB817A07028121ED34AB244DB31DC01C6E6

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 384 693b40d0-693b4107 RegOpenKeyExW 385 693b4109-693b410d 384->385 386 693b412c-693b4132 384->386 387 693b411b-693b4129 385->387 388 693b410f-693b4118 RegCloseKey 385->388 387->386 388->387
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseOpen
                                                                                      • String ID:
                                                                                      • API String ID: 47109696-0

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 379 693a64b0-693a64c5 call 693c08da call 693bf888 383 693a64ca-693a652e 379->383
                                                                                      APIs
                                                                                      • new.LIBCMT ref: 693A64BC
                                                                                      • std::locale::_Init.LIBCPMT ref: 693A64C5
                                                                                        • Part of subcall function 693BF888: __EH_prolog3.LIBCMT ref: 693BF88F
                                                                                        • Part of subcall function 693BF888: std::_Lockit::_Lockit.LIBCPMT ref: 693BF89A
                                                                                        • Part of subcall function 693BF888: std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 693BF8AD
                                                                                        • Part of subcall function 693BF888: std::locale::_Setgloballocale.LIBCPMT ref: 693BF8B5
                                                                                        • Part of subcall function 693BF888: _Yarn.LIBCPMT ref: 693BF8CB
                                                                                        • Part of subcall function 693BF888: std::_Lockit::~_Lockit.LIBCPMT ref: 693BF909
                                                                                      Similarity
                                                                                      • API ID: std::locale::_$Lockitstd::_$H_prolog3InitLocimpLocimp::_Lockit::_Lockit::~_New_SetgloballocaleYarn
                                                                                      • String ID:
                                                                                      • API String ID: 2548088810-0

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 389 693c5638-693c563d call 693c591f 391 693c5642-693c564b 389->391 392 693c564d-693c564f 391->392 393 693c5650-693c565f call 693c59cd 391->393 396 693c5668-693c566a 393->396 397 693c5661-693c5666 call 693c566b 393->397 397->392
                                                                                      APIs
                                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 693C5656
                                                                                      • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 693C5661
                                                                                      Similarity
                                                                                      • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                      • String ID:
                                                                                      • API String ID: 1660781231-0
                                                                                      APIs
                                                                                        • Part of subcall function 693CB8F3: RtlAllocateHeap.NTDLL(00000008,00000000,00000000,?,693CFCCF,00000001,00000364,?,?,693C6175,00000000,00000000,00000000,00000000,00000000,0000010C), ref: 693CB934
                                                                                      • _free.LIBCMT ref: 693CA6F2
                                                                                      Similarity
                                                                                      • API ID: AllocateHeap_free
                                                                                      • String ID:
                                                                                      • API String ID: 614378929-0
                                                                                      APIs
                                                                                      • std::ios_base::_Addstd.LIBCPMT ref: 693A65A9
                                                                                      Similarity
                                                                                      • API ID: Addstdstd::ios_base::_
                                                                                      • String ID:
                                                                                      • API String ID: 2228453158-0
                                                                                      APIs
                                                                                      • RtlAllocateHeap.NTDLL(00000008,00000000,00000000,?,693CFCCF,00000001,00000364,?,?,693C6175,00000000,00000000,00000000,00000000,00000000,0000010C), ref: 693CB934
                                                                                      Similarity
                                                                                      • API ID: AllocateHeap
                                                                                      • String ID:
                                                                                      • API String ID: 1279760036-0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: Getctype
                                                                                      • String ID:
                                                                                      • API String ID: 2085600672-0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: Getctype
                                                                                      • String ID:
                                                                                      • API String ID: 2085600672-0
                                                                                      APIs
                                                                                      • RegQueryValueExW.KERNEL32(80000002,00020219,00000000,00000000,00000000,00000000), ref: 693B4150
                                                                                      Similarity
                                                                                      • API ID: QueryValue
                                                                                      • String ID:
                                                                                      • API String ID: 3660427363-0
                                                                                      APIs
                                                                                      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 693A158F
                                                                                        • Part of subcall function 693BF98B: _Yarn.LIBCPMT ref: 693BF9AA
                                                                                        • Part of subcall function 693BF98B: _Yarn.LIBCPMT ref: 693BF9CE
                                                                                      Similarity
                                                                                      • API ID: Yarn$Locinfo::_Locinfo_ctorstd::_
                                                                                      • String ID:
                                                                                      • API String ID: 3704895665-0
                                                                                      APIs
                                                                                      • CoInitializeEx.OLE32(00000000,00000002), ref: 693E0024
                                                                                      • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000002,00000000,00000040,00000000), ref: 693E0039
                                                                                      • CoUninitialize.OLE32 ref: 693E02D1
                                                                                        • Part of subcall function 693DF4F1: GetCurrentProcess.KERNEL32(00000008,?), ref: 693DF50F
                                                                                        • Part of subcall function 693DF4F1: OpenProcessToken.ADVAPI32(00000000), ref: 693DF516
                                                                                        • Part of subcall function 693DF4F1: GetTokenInformation.ADVAPI32(?,00000012(TokenIntegrityLevel),?,00000004,00000000), ref: 693DF53A
                                                                                        • Part of subcall function 693DF4F1: CloseHandle.KERNEL32(?), ref: 693DF547
                                                                                      • GetCurrentProcessId.KERNEL32(?), ref: 693E0064
                                                                                        • Part of subcall function 693DF383: OpenProcess.KERNEL32(00000400,00000001,?,00000000,00000000), ref: 693DF396
                                                                                      • GetShellWindow.USER32 ref: 693E0087
                                                                                      • GetWindowThreadProcessId.USER32(00000000), ref: 693E008E
                                                                                      • LocalFree.KERNEL32(?), ref: 693E00A2
                                                                                      • OpenProcess.KERNEL32(00000440,00000001,?), ref: 693E00EA
                                                                                      • OpenProcessToken.ADVAPI32(?,0000000A,?,00000000), ref: 693E0131
                                                                                      • DuplicateTokenEx.ADVAPI32(?,0000000F,00000000,00000002,00000001,?), ref: 693E014E
                                                                                      • ImpersonateLoggedOnUser.ADVAPI32(?), ref: 693E015E
                                                                                      • CloseHandle.KERNEL32(?), ref: 693E018C
                                                                                      • CloseHandle.KERNEL32(?), ref: 693E019C
                                                                                      • LocalFree.KERNEL32(?), ref: 693E01AF
                                                                                      • LocalFree.KERNEL32(?), ref: 693E01BB
                                                                                      • CoCreateInstance.OLE32(693F65CC,00000000,00000004,693F65BC,?), ref: 693E01F0
                                                                                      • RevertToSelf.ADVAPI32(00000001,00000000), ref: 693E02A7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: Process$OpenToken$CloseFreeHandleLocal$CurrentInitializeWindow$CreateDuplicateImpersonateInformationInstanceLoggedRevertSecuritySelfShellThreadUninitializeUser
                                                                                      • String ID:
                                                                                      • API String ID: 1086148846-0
                                                                                      APIs
                                                                                        • Part of subcall function 693BD530: new.LIBCMT ref: 693BD54D
                                                                                      • new.LIBCMT ref: 693BB811
                                                                                      • SetHandleInformation.KERNEL32 ref: 693BB8AA
                                                                                        • Part of subcall function 693BB5D0: GetCurrentProcess.KERNEL32(00000001,?,00000001), ref: 693BB5F4
                                                                                        • Part of subcall function 693BFC31: std::invalid_argument::invalid_argument.LIBCONCRT ref: 693BFC3D
                                                                                        • Part of subcall function 693BFC31: __CxxThrowException@8.LIBVCRUNTIME ref: 693BFC4B
                                                                                      Strings
                                                                                      • invalid vector<T> subscript, xrefs: 693BBE32
                                                                                      Similarity
                                                                                      • API ID: CurrentException@8HandleInformationProcessThrowstd::invalid_argument::invalid_argument
                                                                                      • String ID: invalid vector<T> subscript
                                                                                      • API String ID: 2615769013-3016609489
                                                                                      APIs
                                                                                      • GetCurrentProcess.KERNEL32(00000000), ref: 693B2A4E
                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,IsWow64Process), ref: 693B2A64
                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 693B2A6B
                                                                                      • GetVersionExW.KERNEL32(0000011C), ref: 693B2AE0
                                                                                      • GetNativeSystemInfo.KERNEL32(?), ref: 693B2B3C
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: AddressCurrentHandleInfoModuleNativeProcProcessSystemVersion
                                                                                      • String ID: GetProductInfo$IsWow64Process$kernel32.dll
                                                                                      • API String ID: 1167739923-1263506661
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: _free$_memcmp
                                                                                      • String ID: C
                                                                                      • API String ID: 789029625-1037565863
                                                                                      APIs
                                                                                      • _free.LIBCMT ref: 693D042B
                                                                                      • _free.LIBCMT ref: 693D044F
                                                                                      • _free.LIBCMT ref: 693D05D6
                                                                                      • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,693EF9F4), ref: 693D05E8
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,693FEC4C,000000FF,00000000,0000003F,00000000,?,?), ref: 693D0660
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,693FECA0,000000FF,?,0000003F,00000000,?), ref: 693D068D
                                                                                      • _free.LIBCMT ref: 693D07A2
                                                                                      Similarity
                                                                                      • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                      • String ID:
                                                                                      • API String ID: 314583886-0
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: __floor_pentium4
                                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                      • API String ID: 4168288129-2761157908
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: inity
                                                                                      • API String ID: 0-2893408212
                                                                                      APIs
                                                                                      • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002), ref: 693DB4EB
                                                                                      • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002), ref: 693DB514
                                                                                      • GetACP.KERNEL32 ref: 693DB529
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: InfoLocale
                                                                                      • String ID: ACP$OCP
                                                                                      • API String ID: 2299586839-711371036
                                                                                      APIs
                                                                                        • Part of subcall function 693CFBB0: GetLastError.KERNEL32(00000008,693A1DE7,693CEBE2,693C5DC7), ref: 693CFBB4
                                                                                        • Part of subcall function 693CFBB0: _free.LIBCMT ref: 693CFBE7
                                                                                        • Part of subcall function 693CFBB0: SetLastError.KERNEL32(00000000,00000008,693A1DE7), ref: 693CFC28
                                                                                        • Part of subcall function 693CFBB0: _abort.LIBCMT ref: 693CFC2E
                                                                                        • Part of subcall function 693CFBB0: _free.LIBCMT ref: 693CFC0F
                                                                                        • Part of subcall function 693CFBB0: SetLastError.KERNEL32(00000000,00000008,693A1DE7), ref: 693CFC1C
                                                                                      • GetUserDefaultLCID.KERNEL32 ref: 693DB732
                                                                                      • IsValidCodePage.KERNEL32(00000000), ref: 693DB78D
                                                                                      • IsValidLocale.KERNEL32(?,00000001), ref: 693DB79C
                                                                                      • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 693DB7E4
                                                                                      • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 693DB803
                                                                                      Similarity
                                                                                      • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
                                                                                      • String ID:
                                                                                      • API String ID: 745075371-0
                                                                                      APIs
                                                                                      • FormatMessageA.KERNEL32(00001200,00000000,?,00000000,?,00000100,00000000,?,?), ref: 693A29D1
                                                                                      • GetLastError.KERNEL32(?,?,00000000,?,00000100,00000000,?,?), ref: 693A2B45
                                                                                      Strings
                                                                                      • (0x%X), xrefs: 693A2A48
                                                                                      • Error (0x%X) while retrieving error. (0x%X), xrefs: 693A2B4C
                                                                                      Similarity
                                                                                      • API ID: ErrorFormatLastMessage
                                                                                      • String ID: (0x%X)$Error (0x%X) while retrieving error. (0x%X)
                                                                                      • API String ID: 3479602957-3758316108
                                                                                      APIs
                                                                                        • Part of subcall function 693CFBB0: GetLastError.KERNEL32(00000008,693A1DE7,693CEBE2,693C5DC7), ref: 693CFBB4
                                                                                        • Part of subcall function 693CFBB0: _free.LIBCMT ref: 693CFBE7
                                                                                        • Part of subcall function 693CFBB0: SetLastError.KERNEL32(00000000,00000008,693A1DE7), ref: 693CFC28
                                                                                        • Part of subcall function 693CFBB0: _abort.LIBCMT ref: 693CFC2E
                                                                                        • Part of subcall function 693CFBB0: _free.LIBCMT ref: 693CFC0F
                                                                                        • Part of subcall function 693CFBB0: SetLastError.KERNEL32(00000000,00000008,693A1DE7), ref: 693CFC1C
                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 693DB12D
                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 693DB17E
                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 693DB23E
                                                                                      Similarity
                                                                                      • API ID: ErrorInfoLastLocale$_free$_abort
                                                                                      • String ID:
                                                                                      • API String ID: 2829624132-0
                                                                                      APIs
                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 693C6084
                                                                                      • SetUnhandledExceptionFilter.KERNEL32 ref: 693C608E
                                                                                      • UnhandledExceptionFilter.KERNEL32(-00000328), ref: 693C609B
                                                                                      Similarity
                                                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                      • String ID:
                                                                                      • API String ID: 3906539128-0
                                                                                      APIs
                                                                                      • GetUserDefaultUILanguage.KERNEL32 ref: 693BD21F
                                                                                      • GetLocaleInfoW.KERNEL32(?,00000059,?,00000009), ref: 693BD23D
                                                                                      • GetLocaleInfoW.KERNEL32(?,0000005A,?,00000009,?,-00000001,?,00000059,?,00000009), ref: 693BD284
                                                                                      Similarity
                                                                                      • API ID: InfoLocale$DefaultLanguageUser
                                                                                      • String ID:
                                                                                      • API String ID: 1606347679-0
                                                                                      APIs
                                                                                      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 693DF744
                                                                                      • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 693DF759
                                                                                      • FreeSid.ADVAPI32(?), ref: 693DF769
                                                                                      Similarity
                                                                                      • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                      • String ID:
                                                                                      • API String ID: 3429775523-0
                                                                                      APIs
                                                                                      • LoadResource.KERNEL32(?,?,?,693E2BE3,?,00000000,?,?,693E2C6F,?,?,?), ref: 693E2CF2
                                                                                      • LockResource.KERNEL32(00000000,00000A2F,?,693E2BE3,?,00000000,?,?,693E2C6F,?,?,?), ref: 693E2D00
                                                                                      • SizeofResource.KERNEL32(?,?,?,693E2BE3,?,00000000,?,?,693E2C6F,?,?,?), ref: 693E2D12
                                                                                      Similarity
                                                                                      • API ID: Resource$LoadLockSizeof
                                                                                      • String ID:
                                                                                      • API String ID: 2853612939-0
                                                                                      APIs
                                                                                      • GetCurrentProcess.KERNEL32(693A1DE7,?,693C9E40,693A1DE7,693FB670,0000000C,693C9F88,693A1DE7,00000002,00000000,?,693C5DF9,00000003,?,693BFA3A,693BFA7E), ref: 693C9E8B
                                                                                      • TerminateProcess.KERNEL32(00000000,?,693C9E40,693A1DE7,693FB670,0000000C,693C9F88,693A1DE7,00000002,00000000,?,693C5DF9,00000003,?,693BFA3A,693BFA7E), ref: 693C9E92
                                                                                      • ExitProcess.KERNEL32 ref: 693C9EA4
                                                                                      Similarity
                                                                                      • API ID: Process$CurrentExitTerminate
                                                                                      • String ID:
                                                                                      • API String ID: 1703294689-0
                                                                                      APIs
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693AA345
                                                                                      Similarity
                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                      • String ID: vector<T> too long
                                                                                      • API String ID: 909987262-3788999226
                                                                                      APIs
                                                                                      • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 693C16A4
                                                                                      Similarity
                                                                                      • API ID: FeaturePresentProcessor
                                                                                      • String ID:
                                                                                      • API String ID: 2325560087-3916222277
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: .
                                                                                      • API String ID: 0-248832578
                                                                                      • Opcode ID: a262731bc62998ba8bbe887206e108c187b6468bf39401d4e0bd77036384e745
                                                                                      • Instruction ID: daf946c184225ea404bb3822d5868424140e1c6b0b3d5f631c125473758dd686
                                                                                      • Opcode Fuzzy Hash: a262731bc62998ba8bbe887206e108c187b6468bf39401d4e0bd77036384e745
                                                                                      • Instruction Fuzzy Hash: C7314B77900249AFCB14CE78CD94EEB7B7DEB45308F004199E429D7240E7329D48CB50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6ddc88b868330ce88cbc43b3a6ab2eeea43af64c70ef626071db1f136410f2e4
                                                                                      • Instruction ID: 4563e996ff0d65029620e00657e9d2954d09eccf665acb84e32d30c4e884e540
                                                                                      • Opcode Fuzzy Hash: 6ddc88b868330ce88cbc43b3a6ab2eeea43af64c70ef626071db1f136410f2e4
                                                                                      • Instruction Fuzzy Hash: C2023B72E00619DBDB14CFA9D99069EBBF1FF88324F158269D819EB340D731AE41CB91
                                                                                      APIs
                                                                                      • IsValidCodePage.KERNEL32(00000000), ref: 693DADD0
                                                                                        • Part of subcall function 693C6183: IsProcessorFeaturePresent.KERNEL32(00000017), ref: 693C6185
                                                                                        • Part of subcall function 693C6183: GetCurrentProcess.KERNEL32(C0000417,00000000,0000010C,693B22CA), ref: 693C61A7
                                                                                        • Part of subcall function 693C6183: TerminateProcess.KERNEL32(00000000), ref: 693C61AE
                                                                                        • Part of subcall function 693CFBB0: GetLastError.KERNEL32(00000008,693A1DE7,693CEBE2,693C5DC7), ref: 693CFBB4
                                                                                        • Part of subcall function 693CFBB0: _free.LIBCMT ref: 693CFBE7
                                                                                        • Part of subcall function 693CFBB0: SetLastError.KERNEL32(00000000,00000008,693A1DE7), ref: 693CFC28
                                                                                        • Part of subcall function 693CFBB0: _abort.LIBCMT ref: 693CFC2E
                                                                                        • Part of subcall function 693CFBB0: _free.LIBCMT ref: 693CFC0F
                                                                                        • Part of subcall function 693CFBB0: SetLastError.KERNEL32(00000000,00000008,693A1DE7), ref: 693CFC1C
                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 693DAF11
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$Process_free$CodeCurrentFeatureInfoLocalePagePresentProcessorTerminateValid_abort
                                                                                      • String ID:
                                                                                      • API String ID: 3156739809-0
                                                                                      • Opcode ID: b10e50a6125a095c04ddaf37299f227e19a16c988619af409beaf622ee8c8186
                                                                                      • Instruction ID: 60d78ea5cfbdf6ab432180c5e5b31546441d28b38350ffd2fa4a4b59e45d8b07
                                                                                      • Opcode Fuzzy Hash: b10e50a6125a095c04ddaf37299f227e19a16c988619af409beaf622ee8c8186
                                                                                      • Instruction Fuzzy Hash: E851277B600605AAE714EAB4CE61FBB73ACFF05725F004529E954DB180EB36E808C7A1
                                                                                      APIs
                                                                                      • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 693B2D80
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 693B2D92
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: Time$FileSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                      • String ID:
                                                                                      • API String ID: 1518329722-0
                                                                                      • Opcode ID: a4f2bcc835ba1fe354d5630555887207ee2ad6d9f4deea870f8a0ffcef1e56ab
                                                                                      • Instruction ID: 7da4c693455db088386dfbe0453d41ee17babf58c927047888cad25d3c071c7b
                                                                                      • Opcode Fuzzy Hash: a4f2bcc835ba1fe354d5630555887207ee2ad6d9f4deea870f8a0ffcef1e56ab
                                                                                      • Instruction Fuzzy Hash: 9E01D6715047409FDB20EF68CD45B567BE8AB05324F208B2DF9B88B2E1EB729010CB47
                                                                                      APIs
                                                                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,693D308E,?,?,00000008,?,?,693DCFB4,00000000), ref: 693D32C0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ExceptionRaise
                                                                                      • String ID:
                                                                                      • API String ID: 3997070919-0
                                                                                      • Opcode ID: a67ac58d581b524258bc1d1947bc961dfbbd20ef282652b684e7080715f67fac
                                                                                      • Instruction ID: 392f007e5366d210fd5e5c38f149811533a279c17509263b83b25be4e15176c0
                                                                                      • Opcode Fuzzy Hash: a67ac58d581b524258bc1d1947bc961dfbbd20ef282652b684e7080715f67fac
                                                                                      • Instruction Fuzzy Hash: CFB16C32610609DFD705CF28C596B557BE0FF463A8F258658E8A9CF2A1C736ED86CB40
                                                                                      APIs
                                                                                        • Part of subcall function 693CFBB0: GetLastError.KERNEL32(00000008,693A1DE7,693CEBE2,693C5DC7), ref: 693CFBB4
                                                                                        • Part of subcall function 693CFBB0: _free.LIBCMT ref: 693CFBE7
                                                                                        • Part of subcall function 693CFBB0: SetLastError.KERNEL32(00000000,00000008,693A1DE7), ref: 693CFC28
                                                                                        • Part of subcall function 693CFBB0: _abort.LIBCMT ref: 693CFC2E
                                                                                        • Part of subcall function 693CFBB0: _free.LIBCMT ref: 693CFC0F
                                                                                        • Part of subcall function 693CFBB0: SetLastError.KERNEL32(00000000,00000008,693A1DE7), ref: 693CFC1C
                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 693DB37D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$_free$InfoLocale_abort
                                                                                      • String ID:
                                                                                      • API String ID: 1663032902-0
                                                                                      • Opcode ID: 9f375f2f73e7282d14da7b8445d35e97ceb7c79cc4af1bab1cc00d21d1fd05a0
                                                                                      • Instruction ID: f220c4ddbe081d3e6b88930a57e70ba37677379c6e02ffb77f2375f0c49560e3
                                                                                      • Opcode Fuzzy Hash: 9f375f2f73e7282d14da7b8445d35e97ceb7c79cc4af1bab1cc00d21d1fd05a0
                                                                                      • Instruction Fuzzy Hash: 9421D13791420AEBDB14DE28DCA2BAA77BCEF05314F1041BBED14CA140EB76E949DB50
                                                                                      APIs
                                                                                        • Part of subcall function 693CFBB0: GetLastError.KERNEL32(00000008,693A1DE7,693CEBE2,693C5DC7), ref: 693CFBB4
                                                                                        • Part of subcall function 693CFBB0: _free.LIBCMT ref: 693CFBE7
                                                                                        • Part of subcall function 693CFBB0: SetLastError.KERNEL32(00000000,00000008,693A1DE7), ref: 693CFC28
                                                                                        • Part of subcall function 693CFBB0: _abort.LIBCMT ref: 693CFC2E
                                                                                        • Part of subcall function 693CFBB0: _free.LIBCMT ref: 693CFC0F
                                                                                        • Part of subcall function 693CFBB0: SetLastError.KERNEL32(00000000,00000008,693A1DE7), ref: 693CFC1C
                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 693DAF11
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$_free$InfoLocale_abort
                                                                                      • String ID:
                                                                                      • API String ID: 1663032902-0
                                                                                      • Opcode ID: c697d9ba05abbf5a1f90033832f006021373326d7766bf4b51a59bd262639de7
                                                                                      • Instruction ID: 0875ad99d5871a60690400bcfc68d22263a7ab0244a841c8083a61e5934a064b
                                                                                      • Opcode Fuzzy Hash: c697d9ba05abbf5a1f90033832f006021373326d7766bf4b51a59bd262639de7
                                                                                      • Instruction Fuzzy Hash: 12110277604206ABDB14DB28DD61ABA77FCEF05324B1091BAE915CB240EF35ED09C790
                                                                                      APIs
                                                                                        • Part of subcall function 693CFBB0: GetLastError.KERNEL32(00000008,693A1DE7,693CEBE2,693C5DC7), ref: 693CFBB4
                                                                                        • Part of subcall function 693CFBB0: _free.LIBCMT ref: 693CFBE7
                                                                                        • Part of subcall function 693CFBB0: SetLastError.KERNEL32(00000000,00000008,693A1DE7), ref: 693CFC28
                                                                                        • Part of subcall function 693CFBB0: _abort.LIBCMT ref: 693CFC2E
                                                                                      • EnumSystemLocalesW.KERNEL32(693DB0D9,00000001), ref: 693DB023
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                      • String ID:
                                                                                      • API String ID: 1084509184-0
                                                                                      • Opcode ID: 2f31de166fb111b67846ca36e0064bc331f60d4808fae82d09a9db1cd48ea670
                                                                                      • Instruction ID: 66cec347b77350a3356398e834dcbe45dbd50218c58b58bc9ef01d4b33b96fd0
                                                                                      • Opcode Fuzzy Hash: 2f31de166fb111b67846ca36e0064bc331f60d4808fae82d09a9db1cd48ea670
                                                                                      • Instruction Fuzzy Hash: C411293B2047019FDB189F3AC9B167AB7B1FF84368B14442DE5968BA40D7326946C780
                                                                                      APIs
                                                                                        • Part of subcall function 693CFBB0: GetLastError.KERNEL32(00000008,693A1DE7,693CEBE2,693C5DC7), ref: 693CFBB4
                                                                                        • Part of subcall function 693CFBB0: _free.LIBCMT ref: 693CFBE7
                                                                                        • Part of subcall function 693CFBB0: SetLastError.KERNEL32(00000000,00000008,693A1DE7), ref: 693CFC28
                                                                                        • Part of subcall function 693CFBB0: _abort.LIBCMT ref: 693CFC2E
                                                                                      • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,693DB2F7,00000000,00000000,?), ref: 693DB585
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$InfoLocale_abort_free
                                                                                      • String ID:
                                                                                      • API String ID: 2692324296-0
                                                                                      • Opcode ID: 7ea016e6f2c5200fad746e12749a763d33ab0d41808dff5dd5ea1a95077d0a17
                                                                                      • Instruction ID: dd68deef51e829355820fdd05e310b0ee50cd4834ed24d1c8ea2c11ef1cce3df
                                                                                      • Opcode Fuzzy Hash: 7ea016e6f2c5200fad746e12749a763d33ab0d41808dff5dd5ea1a95077d0a17
                                                                                      • Instruction Fuzzy Hash: B1F02837A00219AFDB148A65C825BBB77BAFF40768F01496DEC55A7180EB31FE09C6D0
                                                                                      APIs
                                                                                        • Part of subcall function 693CFBB0: GetLastError.KERNEL32(00000008,693A1DE7,693CEBE2,693C5DC7), ref: 693CFBB4
                                                                                        • Part of subcall function 693CFBB0: _free.LIBCMT ref: 693CFBE7
                                                                                        • Part of subcall function 693CFBB0: SetLastError.KERNEL32(00000000,00000008,693A1DE7), ref: 693CFC28
                                                                                        • Part of subcall function 693CFBB0: _abort.LIBCMT ref: 693CFC2E
                                                                                      • EnumSystemLocalesW.KERNEL32(693DB329,00000001), ref: 693DB098
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                      • String ID:
                                                                                      • API String ID: 1084509184-0
                                                                                      APIs
                                                                                        • Part of subcall function 693CB688: EnterCriticalSection.KERNEL32(?,?,693CB4E9,00000000,693FB718,0000000C,693BF041,?,693C0906,?,?,693B1BDD,0000012C), ref: 693CB697
                                                                                      • EnumSystemLocalesW.KERNEL32(693CEBF0,00000001,693FB8B8,0000000C), ref: 693CEC6E
                                                                                      Similarity
                                                                                      • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                      • String ID:
                                                                                      • API String ID: 1272433827-0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: LocalTime
                                                                                      • String ID:
                                                                                      • API String ID: 481472006-0
                                                                                      APIs
                                                                                      • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,?,?,?,693D1EFE,?,20001004,?,00000002,?), ref: 693CF19D
                                                                                      Similarity
                                                                                      • API ID: InfoLocale
                                                                                      • String ID:
                                                                                      • API String ID: 2299586839-0
                                                                                      APIs
                                                                                        • Part of subcall function 693CFBB0: GetLastError.KERNEL32(00000008,693A1DE7,693CEBE2,693C5DC7), ref: 693CFBB4
                                                                                        • Part of subcall function 693CFBB0: _free.LIBCMT ref: 693CFBE7
                                                                                        • Part of subcall function 693CFBB0: SetLastError.KERNEL32(00000000,00000008,693A1DE7), ref: 693CFC28
                                                                                        • Part of subcall function 693CFBB0: _abort.LIBCMT ref: 693CFC2E
                                                                                      • EnumSystemLocalesW.KERNEL32(Function_0003AEBD,00000001), ref: 693DAF9D
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                      • String ID:
                                                                                      • API String ID: 1084509184-0
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID: 0-3916222277
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0
                                                                                      • API String ID: 0-4108050209
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: HeapProcess
                                                                                      • String ID:
                                                                                      • API String ID: 54951025-0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e68550d54a3e5e7a033b46bc35335ffee7b2bee8684b4c3dcc55a412517a5c5e
                                                                                      • Instruction ID: 2b28a7c6032a8b285dc150d9819e4af84adf2f5eed20ea8a3434cb2db12d1f19
                                                                                      • Opcode Fuzzy Hash: e68550d54a3e5e7a033b46bc35335ffee7b2bee8684b4c3dcc55a412517a5c5e
                                                                                      • Instruction Fuzzy Hash: 60323532D69F414DDB239638C872325A25CEFB73C4F11D727F826B5A99EB29C5874200
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                                                      • Instruction ID: 4b5611dce1684e260250b0ea553d2bca0639e20c3f5848ede919f62e61ad645a
                                                                                      • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                                                      • Instruction Fuzzy Hash: D6C1B6322099A389EB0E463ED53A03FFAF16E927B1316075DD4B3CB1D4EE21C924C661
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                                                      • Instruction ID: fe0bc12542160629f09bc7a80477f5f0422cbcf14fa381ef408d8643b41cd3e0
                                                                                      • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                                                      • Instruction Fuzzy Hash: 07C1A4362098A38AEB0E463AD53913FFAF16A927B1306076DD4B3CB1D5EE21C524D661
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      APIs
                                                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 693C30CA
                                                                                      • _GetRangeOfTrysToCheck.LIBVCRUNTIME ref: 693C3145
                                                                                      • ___TypeMatch.LIBVCRUNTIME ref: 693C31B9
                                                                                      • ___DestructExceptionObject.LIBVCRUNTIME ref: 693C323E
                                                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 693C3279
                                                                                      • FindHandlerForForeignException.LIBVCRUNTIME ref: 693C32C8
                                                                                      • ___DestructExceptionObject.LIBVCRUNTIME ref: 693C32EA
                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 693C3302
                                                                                      • _UnwindNestedFrames.LIBCMT ref: 693C330A
                                                                                      • ___FrameUnwindToState.LIBVCRUNTIME ref: 693C3316
                                                                                      • CallUnexpected.LIBVCRUNTIME ref: 693C3321
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: Exception$DestructObjectSpecUnwind$CallCheckException@8FindForeignFrameFramesHandlerMatchNestedRangeStateThrowTrysTypeUnexpected
                                                                                      • String ID: csm$csm$csm
                                                                                      • API String ID: 410073093-393685449
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: _free$Info
                                                                                      • String ID:
                                                                                      • API String ID: 2509303402-0
                                                                                      APIs
                                                                                      • ___free_lconv_mon.LIBCMT ref: 693D7F2D
                                                                                        • Part of subcall function 693D98B3: _free.LIBCMT ref: 693D98D0
                                                                                        • Part of subcall function 693D98B3: _free.LIBCMT ref: 693D98E2
                                                                                        • Part of subcall function 693D98B3: _free.LIBCMT ref: 693D98F4
                                                                                        • Part of subcall function 693D98B3: _free.LIBCMT ref: 693D9906
                                                                                        • Part of subcall function 693D98B3: _free.LIBCMT ref: 693D9918
                                                                                        • Part of subcall function 693D98B3: _free.LIBCMT ref: 693D992A
                                                                                        • Part of subcall function 693D98B3: _free.LIBCMT ref: 693D993C
                                                                                        • Part of subcall function 693D98B3: _free.LIBCMT ref: 693D994E
                                                                                        • Part of subcall function 693D98B3: _free.LIBCMT ref: 693D9960
                                                                                        • Part of subcall function 693D98B3: _free.LIBCMT ref: 693D9972
                                                                                        • Part of subcall function 693D98B3: _free.LIBCMT ref: 693D9984
                                                                                        • Part of subcall function 693D98B3: _free.LIBCMT ref: 693D9996
                                                                                        • Part of subcall function 693D98B3: _free.LIBCMT ref: 693D99A8
                                                                                      • _free.LIBCMT ref: 693D7F22
                                                                                        • Part of subcall function 693CCBA5: HeapFree.KERNEL32(00000000,00000000), ref: 693CCBBB
                                                                                        • Part of subcall function 693CCBA5: GetLastError.KERNEL32(00000000,?,693DA020,00000000,00000000,00000000,00000000,?,693DA2C4,00000000,00000007,00000000,?,693D8081,00000000,00000000), ref: 693CCBCD
                                                                                      • _free.LIBCMT ref: 693D7F44
                                                                                      • _free.LIBCMT ref: 693D7F59
                                                                                      • _free.LIBCMT ref: 693D7F64
                                                                                      • _free.LIBCMT ref: 693D7F86
                                                                                      • _free.LIBCMT ref: 693D7F99
                                                                                      • _free.LIBCMT ref: 693D7FA7
                                                                                      • _free.LIBCMT ref: 693D7FB2
                                                                                      • _free.LIBCMT ref: 693D7FEA
                                                                                      • _free.LIBCMT ref: 693D7FF1
                                                                                      • _free.LIBCMT ref: 693D800E
                                                                                      • _free.LIBCMT ref: 693D8026
                                                                                      Similarity
                                                                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                      • String ID:
                                                                                      • API String ID: 161543041-0
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: Smanip$Current$CountProcessThreadTick
                                                                                      • String ID: )] $UNKNOWN$VERBOSE
                                                                                      • API String ID: 1623629380-3915483136
                                                                                      APIs
                                                                                      • CloseHandle.KERNEL32(?), ref: 693B1CCF
                                                                                      • TlsSetValue.KERNEL32(?,?), ref: 693B1CFD
                                                                                      • CloseHandle.KERNEL32(?), ref: 693B1D4A
                                                                                      • TlsSetValue.KERNEL32(?,00000000), ref: 693B1D72
                                                                                      • GetCurrentThreadId.KERNEL32(?,?), ref: 693B1E06
                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?), ref: 693B1E19
                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?), ref: 693B1EDE
                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?), ref: 693B1F31
                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?), ref: 693B1FBF
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: ExclusiveLock$AcquireCloseHandleReleaseValue$CurrentThread
                                                                                      • String ID: Failed to TlsSetValue().$c:\b\build\slave\win\build\src\base\threading\thread_local_win.cc
                                                                                      • API String ID: 3870014289-1575462531
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: _free
                                                                                      • String ID:
                                                                                      • API String ID: 269201875-0
                                                                                      • Opcode ID: d1a4df5bf14326c69688214d63a806f110ad4000c78b30b3e7bbc4c19e3de520
                                                                                      • Instruction ID: 82986fada88ef65d78371af8ad93ef87d150809a2768c4af281233a28b6e1c49
                                                                                      • Opcode Fuzzy Hash: d1a4df5bf14326c69688214d63a806f110ad4000c78b30b3e7bbc4c19e3de520
                                                                                      • Instruction Fuzzy Hash: E1C164B7E40204AFEB20CFE8CC96FDE77F8AB49744F044155FA44EB281E6709A458B65
                                                                                      APIs
                                                                                        • Part of subcall function 693E6AB6: SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 693E6AEE
                                                                                        • Part of subcall function 693E6AB6: GetLastError.KERNEL32 ref: 693E6B07
                                                                                      • SetEndOfFile.KERNEL32(?,?,?,?,00000000), ref: 693E52F7
                                                                                      • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 693E5310
                                                                                        • Part of subcall function 693A2340: GetLastError.KERNEL32(?,00000000), ref: 693A23D6
                                                                                        • Part of subcall function 693E6663: GetLastError.KERNEL32(?,000000FF,0000001C,00000001), ref: 693E66A2
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$File$Pointer
                                                                                      • String ID: expected to start with $DAPC$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc$failed to rewind to write$failed to truncate$failed to write header$failed to write records$failed to write string table
                                                                                      • API String ID: 4162258135-419746783
                                                                                      • Opcode ID: 0ba5e8566d2bc4d30478907a1ad085036e4ef6c1d7c390b912669f2c7c78b765
                                                                                      • Instruction ID: e2eed84434d6b7659462b364e6f1026a0374656173b43a0f135678eef32481be
                                                                                      • Opcode Fuzzy Hash: 0ba5e8566d2bc4d30478907a1ad085036e4ef6c1d7c390b912669f2c7c78b765
                                                                                      • Instruction Fuzzy Hash: 92A10476940228ABEF14DB64DC41FEDB3B9EF11318F10909AE589B71D1DF32AE858B10
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                      • String ID: 9I
                                                                                      • API String ID: 1282221369-3330861948
                                                                                      • Opcode ID: b64d9c0e74266d05b34fda29427d255f22c0cae74f8ef2745f13543411269719
                                                                                      • Instruction ID: db77a4f47f4514f5af21524866de735d97dad30463d16ab88ba4c94781162a6c
                                                                                      • Opcode Fuzzy Hash: b64d9c0e74266d05b34fda29427d255f22c0cae74f8ef2745f13543411269719
                                                                                      • Instruction Fuzzy Hash: 2F612BF7905744AFEF21DF648851A6E7BE9AF02364F00816DE99697280D7368F08C791
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: SVWj
                                                                                      • API String ID: 0-3360714375
                                                                                      • Opcode ID: abc796298991e95840fd9313241ae5c26de3220efdca5e78493931b5b0d33181
                                                                                      • Instruction ID: 8af9806a00b000d3563323461881fa4614af50edd22a4e563314d2b6a7bd3553
                                                                                      • Opcode Fuzzy Hash: abc796298991e95840fd9313241ae5c26de3220efdca5e78493931b5b0d33181
                                                                                      • Instruction Fuzzy Hash: 2E31377AA006058BDB14DF6DD580E5E73F8EF5032CB1081A9DC599B251DB32EE41C7D2
                                                                                      APIs
                                                                                      • GetFileAttributesW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,693E763E,000000FF,?,?), ref: 693E7814
                                                                                        • Part of subcall function 693E7928: OutputDebugStringW.KERNEL32(693FEDD8,?,693E7900,Failed to create directory %ls, last error is %d,?,000000B7), ref: 693E7949
                                                                                      Strings
                                                                                      • install_static::`anonymous-namespace'::RecursiveDirectoryCreate, xrefs: 693E781C
                                                                                      • %hs( %ls directory conflicts with an existing file. ), xrefs: 693E7839
                                                                                      • Failed to create one of the parent directories, xrefs: 693E78BF
                                                                                      • Failed to create directory %ls, last error is %d, xrefs: 693E78F6
                                                                                      • %hs( %ls directory exists ), xrefs: 693E7825
                                                                                      Similarity
                                                                                      • API ID: AttributesDebugFileOutputString
                                                                                      • String ID: %hs( %ls directory conflicts with an existing file. )$%hs( %ls directory exists )$Failed to create directory %ls, last error is %d$Failed to create one of the parent directories$install_static::`anonymous-namespace'::RecursiveDirectoryCreate
                                                                                      • API String ID: 708965821-2569357656
                                                                                      • Opcode ID: ab0ae96f2c018b2e2e806e66742d3dc8601c51624e7b6d33099a158362198e57
                                                                                      • Instruction ID: f93844326fe5525245625626cbd02ca4e71be6df8009a7bd0298532f8a2c95b9
                                                                                      • Opcode Fuzzy Hash: ab0ae96f2c018b2e2e806e66742d3dc8601c51624e7b6d33099a158362198e57
                                                                                      • Instruction Fuzzy Hash: D8310435900228BADF00DAA5EC46FAE7779DF52328F10511BF46AA31D2EB355D06C7A1
                                                                                      APIs
                                                                                      • new.LIBCMT ref: 693BD54D
                                                                                        • Part of subcall function 693B2A20: GetCurrentProcess.KERNEL32(00000000), ref: 693B2A4E
                                                                                        • Part of subcall function 693B2A20: GetModuleHandleW.KERNEL32(kernel32.dll,IsWow64Process), ref: 693B2A64
                                                                                        • Part of subcall function 693B2A20: GetProcAddress.KERNEL32(00000000), ref: 693B2A6B
                                                                                        • Part of subcall function 693B2A20: GetVersionExW.KERNEL32(0000011C), ref: 693B2AE0
                                                                                        • Part of subcall function 693B2A20: GetNativeSystemInfo.KERNEL32(?), ref: 693B2B3C
                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 693BD5B7
                                                                                      • GetProcAddress.KERNEL32(00000000,InitializeProcThreadAttributeList), ref: 693BD5CB
                                                                                      • GetProcAddress.KERNEL32(00000000,UpdateProcThreadAttribute), ref: 693BD5D8
                                                                                      • GetProcAddress.KERNEL32(00000000,DeleteProcThreadAttributeList), ref: 693BD5E5
                                                                                      Strings
                                                                                      • UpdateProcThreadAttribute, xrefs: 693BD5CD
                                                                                      • InitializeProcThreadAttributeList, xrefs: 693BD5C5
                                                                                      • DeleteProcThreadAttributeList, xrefs: 693BD5DA
                                                                                      • kernel32.dll, xrefs: 693BD5B2
                                                                                      Similarity
                                                                                      • API ID: AddressProc$HandleModule$CurrentInfoNativeProcessSystemVersion
                                                                                      • String ID: DeleteProcThreadAttributeList$InitializeProcThreadAttributeList$UpdateProcThreadAttribute$kernel32.dll
                                                                                      • API String ID: 4189602493-1491343547
                                                                                      • Opcode ID: 5229a5990e15d168a322816d229bb7a232362407853bbf60f0b9b4ef585d163d
                                                                                      • Instruction ID: 9111a9987f9d56cdd1957940803b8cb49d70f4310880fe3b1855941b779246a1
                                                                                      • Opcode Fuzzy Hash: 5229a5990e15d168a322816d229bb7a232362407853bbf60f0b9b4ef585d163d
                                                                                      • Instruction Fuzzy Hash: E91106F5A053509BEF24AF248D44B2A3BF9EBA3329F10443FE5169B240DB798C45C755
                                                                                      APIs
                                                                                      • _free.LIBCMT ref: 693CFAA4
                                                                                        • Part of subcall function 693CCBA5: HeapFree.KERNEL32(00000000,00000000), ref: 693CCBBB
                                                                                        • Part of subcall function 693CCBA5: GetLastError.KERNEL32(00000000,?,693DA020,00000000,00000000,00000000,00000000,?,693DA2C4,00000000,00000007,00000000,?,693D8081,00000000,00000000), ref: 693CCBCD
                                                                                      • _free.LIBCMT ref: 693CFAB0
                                                                                      • _free.LIBCMT ref: 693CFABB
                                                                                      • _free.LIBCMT ref: 693CFAC6
                                                                                      • _free.LIBCMT ref: 693CFAD1
                                                                                      • _free.LIBCMT ref: 693CFADC
                                                                                      • _free.LIBCMT ref: 693CFAE7
                                                                                      • _free.LIBCMT ref: 693CFAF2
                                                                                      • _free.LIBCMT ref: 693CFAFD
                                                                                      • _free.LIBCMT ref: 693CFB0B
                                                                                      Similarity
                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                      • String ID:
                                                                                      • API String ID: 776569668-0
                                                                                      • Opcode ID: 9adc5c238fe3fc07dfba93f8edf2fe8a835510873e929a725815fb579dea98de
                                                                                      • Instruction ID: 0fa7cfb7a71ba0fd4fb02a5faecca921c1d4523808854bc5fe5e7fceb1f1fc4b
                                                                                      • Opcode Fuzzy Hash: 9adc5c238fe3fc07dfba93f8edf2fe8a835510873e929a725815fb579dea98de
                                                                                      • Instruction Fuzzy Hash: 811193BA110908FFDF01DF94C980CD93FA5AF44354B01D5A1FA888B221DB32DF549B82
                                                                                      APIs
                                                                                      • GetCPInfo.KERNEL32(?,?,?,7FFFFFFF,?, 9I,693DE0A4,?,?,?,?,?,?,?,00493920, 9I), ref: 693DDE77
                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 693DDEFA
                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 693DDF8D
                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 693DDFA4
                                                                                        • Part of subcall function 693CC844: HeapAlloc.KERNEL32(00000000,0000010C,00000004,?,693CC8A7,?,00000000,?,693D7B70,0000010C,00000004,?,0000010C,?,?,693CDB9D), ref: 693CC876
                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 693DE020
                                                                                      • __freea.LIBCMT ref: 693DE04B
                                                                                      • __freea.LIBCMT ref: 693DE057
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: ByteCharMultiWide$__freea$AllocHeapInfo
                                                                                      • String ID: 9I
                                                                                      • API String ID: 2171645-3330861948
                                                                                      • Opcode ID: 4c956a12e60aa061fe5838a6292ad4dfc4edc32960f33fc387be85ce46445edf
                                                                                      • Instruction ID: 6267d4b6939965814ce3e9063e6bae30c35182bda8516932df4751b3782d1e03
                                                                                      • Opcode Fuzzy Hash: 4c956a12e60aa061fe5838a6292ad4dfc4edc32960f33fc387be85ce46445edf
                                                                                      • Instruction Fuzzy Hash: BB91E573E002069FDF21CEA5C860EEEBBB9AF19754F05451AE824E7580D736DC48CBA0
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e1861b019836d2b44c2870f439ad2e5a8692f13152986be3dcc9eba0d86a0184
                                                                                      • Instruction ID: 8f89a55915e2a130c5528bd5d1428c312233079bd595db09272c390c873a1f9b
                                                                                      • Opcode Fuzzy Hash: e1861b019836d2b44c2870f439ad2e5a8692f13152986be3dcc9eba0d86a0184
                                                                                      • Instruction Fuzzy Hash: AFC1E47AD143899FDF01CFA8C860BADBBF5BF0A324F048189E561A7381C7759946CB61
                                                                                      APIs
                                                                                        • Part of subcall function 693DBB7C: CreateFileW.KERNEL32(00000000,00000000,?,693DBEE6,?,?,00000000), ref: 693DBB99
                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 693DBF51
                                                                                      • __dosmaperr.LIBCMT ref: 693DBF58
                                                                                      • GetFileType.KERNEL32 ref: 693DBF64
                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 693DBF6E
                                                                                      • __dosmaperr.LIBCMT ref: 693DBF77
                                                                                      • CloseHandle.KERNEL32(00000000), ref: 693DBF97
                                                                                      • CloseHandle.KERNEL32(?), ref: 693DC0E1
                                                                                      • GetLastError.KERNEL32 ref: 693DC113
                                                                                      • __dosmaperr.LIBCMT ref: 693DC11A
                                                                                      Similarity
                                                                                      • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                      • String ID:
                                                                                      • API String ID: 4237864984-0
                                                                                      • Opcode ID: 84dcb9d150fd1bb2416cf17d3858cbdf14cd8a7b381f75863888ba6813b74a71
                                                                                      • Instruction ID: d8acef5ca17ca8bc679d280b825c0bef33a3d7d23d60141b4fb5ba51849221a9
                                                                                      • Opcode Fuzzy Hash: 84dcb9d150fd1bb2416cf17d3858cbdf14cd8a7b381f75863888ba6813b74a71
                                                                                      • Instruction Fuzzy Hash: 2EA14437A141488FDF18CF68D861BAE3BB5EB0A324F144159E821EF391CB359916CB92
                                                                                      APIs
                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?), ref: 693C01D4
                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?), ref: 693C0268
                                                                                      • ___crtCompareStringEx.LIBCPMT ref: 693C0282
                                                                                      • ___crtCompareStringEx.LIBCPMT ref: 693C02BE
                                                                                      • ___crtCompareStringEx.LIBCPMT ref: 693C0337
                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 693C0352
                                                                                      • __freea.LIBCMT ref: 693C035F
                                                                                        • Part of subcall function 693CC844: HeapAlloc.KERNEL32(00000000,0000010C,00000004,?,693CC8A7,?,00000000,?,693D7B70,0000010C,00000004,?,0000010C,?,?,693CDB9D), ref: 693CC876
                                                                                      • __freea.LIBCMT ref: 693C0372
                                                                                      • __freea.LIBCMT ref: 693C037D
                                                                                      Similarity
                                                                                      • API ID: ByteCharCompareMultiStringWide___crt__freea$AllocHeap
                                                                                      • String ID:
                                                                                      • API String ID: 2499053095-0
                                                                                      • Opcode ID: 0a684ecfaca13a99071ada3251947d9ead49a2522ff6355e36ffd3989e6888e7
                                                                                      • Instruction ID: 89981a8cdecf673d8864bd4ea162125659967c67c212ae6e1189e5e3d37c4745
                                                                                      • Opcode Fuzzy Hash: 0a684ecfaca13a99071ada3251947d9ead49a2522ff6355e36ffd3989e6888e7
                                                                                      • Instruction Fuzzy Hash: C551F9B2A10A9AEFDF118FA8CC80D9E7BB9FF41754B008129ED14E6150DB35CC50CB92
                                                                                      APIs
                                                                                      • OpenProcess.KERNEL32(00000400,00000001,?,00000000,00000000), ref: 693DF396
                                                                                      • OpenProcessToken.ADVAPI32(00000000,00000008,?,00000000), ref: 693DF3B3
                                                                                      • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,?), ref: 693DF3CF
                                                                                      • GetLastError.KERNEL32 ref: 693DF3D5
                                                                                      • GetLastError.KERNEL32 ref: 693DF3E0
                                                                                      • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,?,?), ref: 693DF406
                                                                                      • ConvertSidToStringSidW.ADVAPI32(?,?), ref: 693DF420
                                                                                      • CloseHandle.KERNEL32(?), ref: 693DF43C
                                                                                      • CloseHandle.KERNEL32(00000000), ref: 693DF443
                                                                                      Similarity
                                                                                      • API ID: Token$CloseErrorHandleInformationLastOpenProcess$ConvertString
                                                                                      • String ID:
                                                                                      • API String ID: 1608810797-0
                                                                                      • Opcode ID: e7dd5cd81c59dff3a7d15230ec7352cad523401a60e580bb65751d71118ef884
                                                                                      • Instruction ID: 10225d808e617ccb3c4bf1d9752ac0fcea6416062a653931437c0e4e714b1537
                                                                                      • Opcode Fuzzy Hash: e7dd5cd81c59dff3a7d15230ec7352cad523401a60e580bb65751d71118ef884
                                                                                      • Instruction Fuzzy Hash: A2218B36A50108BFEF219FA4CC85AAE7BBDEF05314F004062F821E6050D7728E49AA60
                                                                                      APIs
                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 693BE754
                                                                                      • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000,?), ref: 693BE798
                                                                                      • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 693BE7DB
                                                                                      Similarity
                                                                                      • API ID: Directory$FileModuleNameSystemWindows
                                                                                      • String ID: Internet Explorer$Microsoft$ProgramW6432$Quick Launch
                                                                                      • API String ID: 592745672-224070340
                                                                                      • Opcode ID: 8e4f14e6fa31bdcb3f024af20706828019bc3387966d8e47a71c24a32af47042
                                                                                      • Instruction ID: bd9f96769d50c2f09dbbadb619b5f808fd2f88c2837b726b5b3016fae32b9508
                                                                                      • Opcode Fuzzy Hash: 8e4f14e6fa31bdcb3f024af20706828019bc3387966d8e47a71c24a32af47042
                                                                                      • Instruction Fuzzy Hash: 70C1A035248300ABE624DB68CC55FAE77ECFF51744F50491DF2A29A4D0EB71E909CBA2
                                                                                      APIs
                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 693A1E54
                                                                                        • Part of subcall function 693BFC31: std::invalid_argument::invalid_argument.LIBCONCRT ref: 693BFC3D
                                                                                        • Part of subcall function 693BFC31: __CxxThrowException@8.LIBVCRUNTIME ref: 693BFC4B
                                                                                      • new.LIBCMT ref: 693A1F48
                                                                                      • CreateFileW.KERNEL32(?,00000004,00000003,00000000,00000004,00000080,00000000), ref: 693A1F81
                                                                                      • CreateFileW.KERNEL32(?,00000004,00000003,00000000,00000004,00000080,00000000), ref: 693A2032
                                                                                      Similarity
                                                                                      • API ID: File$Create$Exception@8ModuleNameThrowstd::invalid_argument::invalid_argument
                                                                                      • String ID: \$debug.log$invalid string position
                                                                                      • API String ID: 3749634790-2581654245
                                                                                      • Opcode ID: 160d70c13ab7662ead442b0edbfd1a27011c89ec3b4728d4bea54cc674bfd318
                                                                                      • Instruction ID: e3a876b409b2c17cd1a67a355f7a216466bc1c149b8bc9f4700f22bef2cd0368
                                                                                      • Opcode Fuzzy Hash: 160d70c13ab7662ead442b0edbfd1a27011c89ec3b4728d4bea54cc674bfd318
                                                                                      • Instruction Fuzzy Hash: F3511474A003449BDF24DFB4DD45BAE77B8FF01308F208619E962AB2D0EB71AA05CB55
                                                                                      APIs
                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 693DEF1F
                                                                                      • RegCreateKeyExW.ADVAPI32(80000002,SOFTWARE\Google\No Chrome Offer Until,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 693DEF81
                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 693DEFD4
                                                                                      • RegCloseKey.ADVAPI32(?), ref: 693DF03D
                                                                                      Strings
                                                                                      • SOFTWARE\Google\No Chrome Offer Until, xrefs: 693DEF6F
                                                                                      Similarity
                                                                                      • API ID: CloseCreateFileModuleNameQueryValue
                                                                                      • String ID: SOFTWARE\Google\No Chrome Offer Until
                                                                                      • API String ID: 2815806617-1538224596
                                                                                      • Opcode ID: 9a7b5d3241e82416327277f10be175701adcc4806b9d388dfe55a1dac33cef52
                                                                                      • Instruction ID: a7f953b5d80ec7b562485e4aa6ce5b7e1a79b875322502471876975069e0606d
                                                                                      • Opcode Fuzzy Hash: 9a7b5d3241e82416327277f10be175701adcc4806b9d388dfe55a1dac33cef52
                                                                                      • Instruction Fuzzy Hash: 253130F6A5021CAADB30CB10DC59FEAB7BCEB05314F4041AAF618E6141D7715E89CE64
                                                                                      APIs
                                                                                      • SetFilePointerEx.KERNEL32(693E6322,693E6322,0000001C,?,00000000), ref: 693E6B7A
                                                                                      • GetLastError.KERNEL32 ref: 693E6B93
                                                                                      • SetEndOfFile.KERNEL32(693E6322), ref: 693E6BE1
                                                                                      • GetLastError.KERNEL32 ref: 693E6BFA
                                                                                      Strings
                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 693E6BA0, 693E6C07
                                                                                      • SetFilePointerEx, xrefs: 693E6BB3
                                                                                      • SetEndOfFile, xrefs: 693E6C1A
                                                                                      Similarity
                                                                                      • API ID: ErrorFileLast$Pointer
                                                                                      • String ID: SetEndOfFile$SetFilePointerEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                      • API String ID: 1697706070-3222943609
                                                                                      • Opcode ID: 758f153706f53219b3b5a82fe8af616c0f8be9eda566028f9f70756ce158f8bc
                                                                                      • Instruction ID: 98274d268812ab9a9e8243e858ae8e6fa039478b05d34b1ae8dad7c3c7ab24cd
                                                                                      • Opcode Fuzzy Hash: 758f153706f53219b3b5a82fe8af616c0f8be9eda566028f9f70756ce158f8bc
                                                                                      • Instruction Fuzzy Hash: B6216A3E900619BBEB00CFA2CD42FAD77ACEF0131CF409446F654760C2DB3359868524
                                                                                      APIs
                                                                                        • Part of subcall function 693B4CA0: AcquireSRWLockExclusive.KERNEL32(00000000,00000001,0000000F), ref: 693B4CBC
                                                                                        • Part of subcall function 693B4CA0: ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 693B4D21
                                                                                        • Part of subcall function 693B4E80: AcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000), ref: 693B4EDB
                                                                                        • Part of subcall function 693B4E80: ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 693B4F0A
                                                                                        • Part of subcall function 693B4E80: AcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000), ref: 693B4FCD
                                                                                        • Part of subcall function 693B4E80: ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 693B500A
                                                                                      • AcquireSRWLockExclusive.KERNEL32(00000000), ref: 693B5BFA
                                                                                      • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 693B5C1E
                                                                                      • AcquireSRWLockExclusive.KERNEL32(00000000), ref: 693B5C47
                                                                                      • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 693B5C6B
                                                                                      Similarity
                                                                                      • API ID: ExclusiveLock$AcquireRelease
                                                                                      • String ID: Gp;i$Gp;i
                                                                                      • API String ID: 17069307-463139614
                                                                                      • Opcode ID: 6a47cbebd23c08086dc2d578f6c091dd6a10496d1da53059856a2e61f04921f9
                                                                                      • Instruction ID: 7cd688304120580c8bfc39245ce3624a594c438a704e9170e1d4dcf14352d219
                                                                                      • Opcode Fuzzy Hash: 6a47cbebd23c08086dc2d578f6c091dd6a10496d1da53059856a2e61f04921f9
                                                                                      • Instruction Fuzzy Hash: 41B1BF79E006099BCB05CF68C5E07AEB7F6BFA5304F148129D805EFB48DB369941CB95
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                       • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: _free
                                                                                      • String ID:
                                                                                      • API String ID: 269201875-0
                                                                                      • Opcode ID: b15183f012ca1863411d11b9d7e30baa73b328cc41e6cc9c435fc8ea7ae741ee
                                                                                      • Instruction ID: 562ffd6be4c191e6592e5f17fddd846d40f51064a99ca3ef1dfa955bafd15d53
                                                                                      • Opcode Fuzzy Hash: b15183f012ca1863411d11b9d7e30baa73b328cc41e6cc9c435fc8ea7ae741ee
                                                                                      • Instruction Fuzzy Hash: CB61E277D05605EFDB20CFA8C861B9ABBF8FF45710F10846AE894EB280E7319D458B50
                                                                                      APIs
                                                                                      • GetConsoleCP.KERNEL32 ref: 693C9082
                                                                                      • __fassign.LIBCMT ref: 693C90FD
                                                                                      • __fassign.LIBCMT ref: 693C9118
                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000005,00000000,00000000), ref: 693C913E
                                                                                      • WriteFile.KERNEL32(?,?,00000000,693C97B5,00000000), ref: 693C915D
                                                                                      • WriteFile.KERNEL32(?,?,00000001,693C97B5,00000000), ref: 693C9196
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                       • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                      • String ID:
                                                                                      • API String ID: 1324828854-0
                                                                                      • Opcode ID: 5b3dd6411569ae8f47ea58e6178dca638526e655c0d2b35b60ea22a0bbad7e92
                                                                                      • Instruction ID: 2aa38759b368a8d5b9327abc2b2c1add32d60ec88b7d44ee7995c5d5d0467442
                                                                                      • Opcode Fuzzy Hash: 5b3dd6411569ae8f47ea58e6178dca638526e655c0d2b35b60ea22a0bbad7e92
                                                                                      • Instruction Fuzzy Hash: D351C275A00649DFDF10CFA8C84AAEEBBF8FF09314F11415AE965E7241D731A940CB62
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                       • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: false$null$true
                                                                                      • API String ID: 0-2913297407
                                                                                      • Opcode ID: d51b937ea9032beb3f25a4fb94b3708895e2a413a4ae5837236f0ae0c12ffd31
                                                                                      • Instruction ID: e63eea1639955bd1c5691ab198db40935e41c652b7beb2e63a3ceb2242c72767
                                                                                      • Opcode Fuzzy Hash: d51b937ea9032beb3f25a4fb94b3708895e2a413a4ae5837236f0ae0c12ffd31
                                                                                      • Instruction Fuzzy Hash: 9851E879900749DFDB10CF68D481B9AF7F4FF45304F00C65AC8A99B605EB31AA49CB51
                                                                                      APIs
                                                                                      • CoInitializeEx.OLE32(00000000,00000002), ref: 693E0349
                                                                                      • CoUninitialize.OLE32 ref: 693E038E
                                                                                      • LaunchGoogleChrome.GCAPI(00000001,00000000,?,00000000), ref: 693E0381
                                                                                        • Part of subcall function 693DFFEC: CoInitializeEx.OLE32(00000000,00000002), ref: 693E0024
                                                                                        • Part of subcall function 693DFFEC: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000002,00000000,00000040,00000000), ref: 693E0039
                                                                                        • Part of subcall function 693DFFEC: GetCurrentProcessId.KERNEL32(?), ref: 693E0064
                                                                                        • Part of subcall function 693DFFEC: GetShellWindow.USER32 ref: 693E0087
                                                                                        • Part of subcall function 693DFFEC: GetWindowThreadProcessId.USER32(00000000), ref: 693E008E
                                                                                        • Part of subcall function 693DFFEC: LocalFree.KERNEL32(?), ref: 693E00A2
                                                                                        • Part of subcall function 693DFFEC: CoUninitialize.OLE32 ref: 693E02D1
                                                                                      • CoUninitialize.OLE32 ref: 693E03AF
                                                                                      • LaunchGoogleChrome.GCAPI ref: 693E03C9
                                                                                      • EnumWindows.USER32(693DF056,?), ref: 693E044C
                                                                                      • Sleep.KERNEL32(0000000A), ref: 693E046A
                                                                                        • Part of subcall function 693A88E0: new.LIBCMT ref: 693A8900
                                                                                        • Part of subcall function 693A88E0: new.LIBCMT ref: 693A893C
                                                                                        • Part of subcall function 693A88E0: new.LIBCMT ref: 693A8979
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                       • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeUninitialize$ChromeGoogleLaunchProcessWindow$CurrentEnumFreeLocalSecurityShellSleepThreadWindows
                                                                                      • String ID:
                                                                                      • API String ID: 1477501081-0
                                                                                      • Opcode ID: c95768fe9f520e8f7e908c8f3b088d744b10bd8b9258a78d9716cab11f20dd2c
                                                                                      • Instruction ID: ecfd6b620ffa3b3bc8293a7eceb8873bb532e4a83e3d87b3f08aed3ab1ef2369
                                                                                      • Opcode Fuzzy Hash: c95768fe9f520e8f7e908c8f3b088d744b10bd8b9258a78d9716cab11f20dd2c
                                                                                      • Instruction Fuzzy Hash: 2C51AD76D0926C9FCF00CFA4E991AEEBBB8AF05324F10412AE861B7180DF715949CB60
                                                                                      APIs
                                                                                      • ExpandEnvironmentStringsW.KERNEL32(%LOCALAPPDATA%,00000000,00000000,00000000,?,?,?,?,?,?,?,693E7616,?,693EFB90,000000FF,693F8A68), ref: 693E769E
                                                                                      • ExpandEnvironmentStringsW.KERNEL32(%LOCALAPPDATA%,00000000,00000000,?,?,?,?,?,693E7616,?,693EFB90,000000FF,693F8A68,00000000,Software\Google\Update\ClientState), ref: 693E76C8
                                                                                      • GetTempPathW.KERNEL32(00000000,00000000), ref: 693E76E9
                                                                                      • GetTempPathW.KERNEL32(00000001,00000000), ref: 693E7718
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                       • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: EnvironmentExpandPathStringsTemp
                                                                                      • String ID: %LOCALAPPDATA%$User Data
                                                                                      • API String ID: 442586119-612141592
                                                                                      • Opcode ID: 7087cd799a3318aaffc07516952c97b5eae72d91389e3f9c304beda76a081222
                                                                                      • Instruction ID: da35d6b3e1483c9246dfd89dea941b93073bec61cfe1b0f71dd12e57006ae128
                                                                                      • Opcode Fuzzy Hash: 7087cd799a3318aaffc07516952c97b5eae72d91389e3f9c304beda76a081222
                                                                                      • Instruction Fuzzy Hash: 5431267A6002206BDB18DA789C99E7F77BDDF42668B10912FF817DB191DF258C4182B4
                                                                                      APIs
                                                                                      • GetFileVersionInfoSizeW.VERSION(?,?,?,00000000,00000000,?,693DEF48,?,?,00000208), ref: 693DF1D9
                                                                                      • GetFileVersionInfoW.VERSION(?,?,00002000,?,?,?,00000208), ref: 693DF217
                                                                                      • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,00002000,?,?,?,00000208), ref: 693DF24A
                                                                                      • VerQueryValueW.VERSION(?,?,?,?,\VarFileInfo\Translation,?,?,?,?,00002000,?,?,?,00000208), ref: 693DF2C1
                                                                                      Strings
                                                                                      • \VarFileInfo\Translation, xrefs: 693DF23E
                                                                                      • \StringFileInfo\%02X%02X%02X%02X\CompanyName, xrefs: 693DF286
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                       • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileInfoQueryValueVersion$Size
                                                                                      • String ID: \StringFileInfo\%02X%02X%02X%02X\CompanyName$\VarFileInfo\Translation
                                                                                      • API String ID: 2099394744-937506062
                                                                                      • Opcode ID: 74ca6f244268bd41fb91a8b2141b8ff58c589806ffe03446cb8724640245529c
                                                                                      • Instruction ID: 6f20c82bd44c4dd06655ec208d7cdbbee8ce77d20d8707043d7a82b539a62431
                                                                                      • Opcode Fuzzy Hash: 74ca6f244268bd41fb91a8b2141b8ff58c589806ffe03446cb8724640245529c
                                                                                      • Instruction Fuzzy Hash: 3C3162FEA10228ABDB20DA55CC84DDB77BCAF45300F9051D6FA24E7541DA30DA48DB65
                                                                                      APIs
                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000004,00000080,00000000), ref: 693E4149
                                                                                      • LockFileEx.KERNEL32(00000000,00000002,00000000,000000FF,000000FF,?), ref: 693E417F
                                                                                      • GetLastError.KERNEL32 ref: 693E4198
                                                                                      • new.LIBCMT ref: 693E41D9
                                                                                      Strings
                                                                                      • LockFileEx, xrefs: 693E41B8
                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 693E41A5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                       • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$CreateErrorLastLock
                                                                                      • String ID: LockFileEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                      • API String ID: 3875127904-1259685872
                                                                                      • Opcode ID: dfdee4c1ada9e7b4aec46714f4293bd37d597fceb1cdab672d08ac0850ddbe92
                                                                                      • Instruction ID: d7cdd0d4194cd029746c3e39c607d28d8b67f66d1f4573fbd58f2ccadb5886e2
                                                                                      • Opcode Fuzzy Hash: dfdee4c1ada9e7b4aec46714f4293bd37d597fceb1cdab672d08ac0850ddbe92
                                                                                      • Instruction Fuzzy Hash: B631D775604324BFDB20CFB8CD45BAAB7E8EF09724F10466AF665EB2D0D77099008B90
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                       • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: Getcvt
                                                                                      • String ID: false$true
                                                                                      • API String ID: 1921796781-2658103896
                                                                                      • Opcode ID: 3a1471d5f814f9844e7f8be0a72712c870142a2a4aa723d5ac9af5d637c5d579
                                                                                      • Instruction ID: 690ff86922dc966edb0942ac27222aa59855570ec18852941e17540c5dd428de
                                                                                      • Opcode Fuzzy Hash: 3a1471d5f814f9844e7f8be0a72712c870142a2a4aa723d5ac9af5d637c5d579
                                                                                      • Instruction Fuzzy Hash: A9315839D042449FDB14CFA8848076ABFB5EF56304F08C49EE9895F34AD377D90587A2
                                                                                      APIs
                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 693A73EE
                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 693A740A
                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 693A742A
                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 693A7471
                                                                                      • std::_Facet_Register.LIBCPMT ref: 693A74AD
                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 693A74B8
                                                                                      • _abort.LIBCMT ref: 693A74C6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                       • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                       • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register_abort
                                                                                      • String ID:
                                                                                      • API String ID: 954195503-0
                                                                                      APIs
                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 693BE58E
                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 693BE5AA
                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 693BE5CA
                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 693BE611
                                                                                      • std::_Facet_Register.LIBCPMT ref: 693BE64D
                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 693BE658
                                                                                      • _abort.LIBCMT ref: 693BE666
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register_abort
                                                                                      • String ID:
                                                                                      • API String ID: 954195503-0
                                                                                      APIs
                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 693A74EE
                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 693A750A
                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 693A752A
                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 693A7571
                                                                                      • std::_Facet_Register.LIBCPMT ref: 693A75AD
                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 693A75B8
                                                                                      • _abort.LIBCMT ref: 693A75C6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register_abort
                                                                                      • String ID:
                                                                                      • API String ID: 954195503-0
                                                                                      APIs
                                                                                        • Part of subcall function 693D9FF2: _free.LIBCMT ref: 693DA01B
                                                                                      • _free.LIBCMT ref: 693DA2F9
                                                                                        • Part of subcall function 693CCBA5: HeapFree.KERNEL32(00000000,00000000), ref: 693CCBBB
                                                                                        • Part of subcall function 693CCBA5: GetLastError.KERNEL32(00000000,?,693DA020,00000000,00000000,00000000,00000000,?,693DA2C4,00000000,00000007,00000000,?,693D8081,00000000,00000000), ref: 693CCBCD
                                                                                      • _free.LIBCMT ref: 693DA304
                                                                                      • _free.LIBCMT ref: 693DA30F
                                                                                      • _free.LIBCMT ref: 693DA363
                                                                                      • _free.LIBCMT ref: 693DA36E
                                                                                      • _free.LIBCMT ref: 693DA379
                                                                                      • _free.LIBCMT ref: 693DA384
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                      • String ID:
                                                                                      • API String ID: 776569668-0
                                                                                      APIs
                                                                                      • GetLastError.KERNEL32(00000001,?,693C548D,693C0D47,693C093D,?,693C0B4D,?,00000001,?,?,00000001,?,693FB430,0000000C,693C0C56), ref: 693C55B4
                                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 693C55C2
                                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 693C55DB
                                                                                      • SetLastError.KERNEL32(00000000,693C0B4D,?,00000001,?,?,00000001,?,693FB430,0000000C,693C0C56,?,00000001,?), ref: 693C562D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorLastValue___vcrt_
                                                                                      • String ID:
                                                                                      • API String ID: 3852720340-0
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                      • API String ID: 0-1718035505
                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,?,693B20CF), ref: 693B1C0E
                                                                                      • GetProcAddress.KERNEL32(00000000,GetHandleVerifier,?,?,?,693B20CF), ref: 693B1C1A
                                                                                        • Part of subcall function 693B2170: Sleep.KERNEL32(00000000,?,00000000,?,693B1BAC,?,?,?,693B1C9C,?,?,?,693B20CF), ref: 693B21B2
                                                                                      • AcquireSRWLockExclusive.KERNEL32(00000000), ref: 693B1C2C
                                                                                      • new.LIBCMT ref: 693B1C40
                                                                                      • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 693B1C57
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ExclusiveLock$AcquireAddressHandleModuleProcReleaseSleep
                                                                                      • String ID: GetHandleVerifier
                                                                                      • API String ID: 2126384915-1090674830
                                                                                      APIs
                                                                                      • __allrem.LIBCMT ref: 693C6343
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 693C635F
                                                                                      • __allrem.LIBCMT ref: 693C6376
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 693C6394
                                                                                      • __allrem.LIBCMT ref: 693C63AB
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 693C63C9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                      • String ID:
                                                                                      • API String ID: 1992179935-0
                                                                                      APIs
                                                                                        • Part of subcall function 693BC2B0: Sleep.KERNEL32(00000000,?,?,?,693BC09F,?,00000000,?), ref: 693BC2F2
                                                                                      • AcquireSRWLockExclusive.KERNEL32(00000000,?,00000000,?), ref: 693BC0C4
                                                                                      • ReleaseSRWLockExclusive.KERNEL32(00000000,?,00000000,000000FF,?,?), ref: 693BC105
                                                                                        • Part of subcall function 693AF000: GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 693AF02B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ExclusiveLock$AcquireCurrentDirectoryReleaseSleep
                                                                                      • String ID:
                                                                                      • API String ID: 1427338700-0
                                                                                      APIs
                                                                                      • AcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000), ref: 693B4EDB
                                                                                      • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 693B4F0A
                                                                                      • AcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000), ref: 693B4F5A
                                                                                      • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 693B4F91
                                                                                      • AcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000), ref: 693B4FCD
                                                                                      • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 693B500A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ExclusiveLock$AcquireRelease
                                                                                      • String ID:
                                                                                      • API String ID: 17069307-0
                                                                                      APIs
                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00000001), ref: 693E29F9
                                                                                      Strings
                                                                                      • c:\b\build\slave\win\build\src\chrome\installer\util\google_chrome_distribution.cc, xrefs: 693E2A03
                                                                                      • Failed to launch Edge for uninstall survey, xrefs: 693E2A16
                                                                                      • Ds?i, xrefs: 693E29C3
                                                                                      • <, xrefs: 693E29A4
                                                                                      • microsoft-edge:, xrefs: 693E2991
                                                                                      Similarity
                                                                                      • API ID: ErrorLast
                                                                                      • String ID: <$Ds?i$Failed to launch Edge for uninstall survey$c:\b\build\slave\win\build\src\chrome\installer\util\google_chrome_distribution.cc$microsoft-edge:
                                                                                      • API String ID: 1452528299-4184836021
                                                                                      APIs
                                                                                      • GetLastError.KERNEL32(00000008,693A1DE7,693CEBE2,693C5DC7), ref: 693CFBB4
                                                                                      • _free.LIBCMT ref: 693CFBE7
                                                                                      • _free.LIBCMT ref: 693CFC0F
                                                                                      • SetLastError.KERNEL32(00000000,00000008,693A1DE7), ref: 693CFC1C
                                                                                      • SetLastError.KERNEL32(00000000,00000008,693A1DE7), ref: 693CFC28
                                                                                      • _abort.LIBCMT ref: 693CFC2E
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$_free$_abort
                                                                                      • String ID:
                                                                                      • API String ID: 3160817290-0
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: vector<T> too long
                                                                                      • API String ID: 0-3788999226
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: CloseDeleteFileHandle
                                                                                      • String ID: vmodule
                                                                                      • API String ID: 2633145722-2939338212
                                                                                      APIs
                                                                                      • GetFileAttributesW.KERNEL32(693EFB90,00000000,00000000,00000004), ref: 693E44B0
                                                                                      • GetLastError.KERNEL32 ref: 693E44CE
                                                                                      Strings
                                                                                      • : not a directory, xrefs: 693E4571
                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 693E44DB, 693E4561
                                                                                      • GetFileAttributes , xrefs: 693E4507, 693E4592
                                                                                      Similarity
                                                                                      • API ID: AttributesErrorFileLast
                                                                                      • String ID: : not a directory$GetFileAttributes $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                      • API String ID: 1799206407-2199784763
                                                                                      APIs
                                                                                      • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\f_0002b5.exe,00000104), ref: 693CD387
                                                                                      • _free.LIBCMT ref: 693CD452
                                                                                      • _free.LIBCMT ref: 693CD45C
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: _free$FileModuleName
                                                                                      • String ID: (,D$C:\Users\user\Desktop\f_0002b5.exe
                                                                                      • API String ID: 2506810119-3693069944
                                                                                      APIs
                                                                                      • _ValidateLocalCookies.LIBCMT ref: 693C532B
                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 693C53A5
                                                                                        • Part of subcall function 693DE550: __FindPESection.LIBCMT ref: 693DE5A9
                                                                                      • _ValidateLocalCookies.LIBCMT ref: 693C5419
                                                                                      • _ValidateLocalCookies.LIBCMT ref: 693C5444
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: CookiesLocalValidate$CurrentFindImageNonwritableSection
                                                                                      • String ID: csm
                                                                                      • API String ID: 1685366865-1018135373
                                                                                      APIs
                                                                                      • CreateDirectoryW.KERNEL32(693EFB90,00000000,?,00000000,00000004), ref: 693E4247
                                                                                      • GetLastError.KERNEL32(?,00000000,00000004), ref: 693E4258
                                                                                      • GetLastError.KERNEL32(?,00000000,00000004), ref: 693E4278
                                                                                      Strings
                                                                                      • CreateDirectory , xrefs: 693E42B1
                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 693E4285
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$CreateDirectory
                                                                                      • String ID: CreateDirectory $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                      • API String ID: 1306683694-1373056967
                                                                                      APIs
                                                                                      • __vwprintf_l.LIBCMT ref: 693E6946
                                                                                      • GetLastError.KERNEL32(?,0000001C,0000001C,00000000), ref: 693E6963
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: ErrorLast__vwprintf_l
                                                                                      • String ID: CreateFile $J`>i$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                      • API String ID: 3407089876-1660733093
                                                                                      • Opcode ID: f14fe3e0b9a8b76e059fd5368538775409dedd87550caae0a76849fdb16a272a
                                                                                      • Instruction ID: 0b02af0ca3a66cb7768ea861e7c895f55dd82312e1f39213d07611315c60ea04
                                                                                      • Opcode Fuzzy Hash: f14fe3e0b9a8b76e059fd5368538775409dedd87550caae0a76849fdb16a272a
                                                                                      • Instruction Fuzzy Hash: CB11277AA003086EDF00DBB4DC46FAE73A9EF00318F50811AFA60671C1EB325D048264
                                                                                      APIs
                                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,693C9EA0,693A1DE7,?,693C9E40,693A1DE7,693FB670,0000000C,693C9F88,693A1DE7,00000002), ref: 693C9F0F
                                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess,00000000,?,?,?,693C9EA0,693A1DE7,?,693C9E40,693A1DE7,693FB670,0000000C,693C9F88,693A1DE7,00000002), ref: 693C9F22
                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,693C9EA0,693A1DE7,?,693C9E40,693A1DE7,693FB670,0000000C,693C9F88,693A1DE7,00000002,00000000), ref: 693C9F45
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                      • API String ID: 4061214504-1276376045
                                                                                      • Opcode ID: 372ccc48476e12573e8332aecd1d624af6f0af6414e1affc297233911367d8af
                                                                                      • Instruction ID: 83bd7fcfdd3cbce7d554829fef8c038c134b178e1f88c6554186bd99b60180f7
                                                                                      • Opcode Fuzzy Hash: 372ccc48476e12573e8332aecd1d624af6f0af6414e1affc297233911367d8af
                                                                                      • Instruction Fuzzy Hash: 87F0AF30914A18FBCF119F90C808BADBFB8FB45312F41406AF829E6240CB358D41CB91
                                                                                      APIs
                                                                                        • Part of subcall function 693CDDC4: _free.LIBCMT ref: 693CDDF9
                                                                                      • _free.LIBCMT ref: 693CDD7A
                                                                                        • Part of subcall function 693CCBA5: HeapFree.KERNEL32(00000000,00000000), ref: 693CCBBB
                                                                                        • Part of subcall function 693CCBA5: GetLastError.KERNEL32(00000000,?,693DA020,00000000,00000000,00000000,00000000,?,693DA2C4,00000000,00000007,00000000,?,693D8081,00000000,00000000), ref: 693CCBCD
                                                                                      • _free.LIBCMT ref: 693CDD8D
                                                                                      • _free.LIBCMT ref: 693CDD9E
                                                                                      • _free.LIBCMT ref: 693CDDAF
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                      • String ID: ?i
                                                                                      • API String ID: 776569668-4174197972
                                                                                      • Opcode ID: 18204f56929c814247b8f87887c2f06a99a2b5c0ca8b2b03ef8c02abc3739111
                                                                                      • Instruction ID: 8ac1d9b2363c418bf9784d82963ab77cb21a0b65d4cf859751d61596e73ca93c
                                                                                      • Opcode Fuzzy Hash: 18204f56929c814247b8f87887c2f06a99a2b5c0ca8b2b03ef8c02abc3739111
                                                                                      • Instruction Fuzzy Hash: 40F0A078811BA4EFDE229F90FC08C293FAEEB463043009D16F86063E14DB361A118AD7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d240f46fa0add908ecb8d4bf191ea48271defd78732df045bf0c9b068121f4d9
                                                                                      • Instruction ID: 37fbff582bf203e6cdbd31da652d1da8543440183e119456e7dc912efced6730
                                                                                      • Opcode Fuzzy Hash: d240f46fa0add908ecb8d4bf191ea48271defd78732df045bf0c9b068121f4d9
                                                                                      • Instruction Fuzzy Hash: 6471A637D00296DBDB11CF54C8989AEBBB5FF423A4F144229E465A71C0D7728E49CBA1
                                                                                      APIs
                                                                                      • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,693EF9F4), ref: 693D05E8
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,693FEC4C,000000FF,00000000,0000003F,00000000,?,?), ref: 693D0660
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,693FECA0,000000FF,?,0000003F,00000000,?), ref: 693D068D
                                                                                      • _free.LIBCMT ref: 693D05D6
                                                                                        • Part of subcall function 693CCBA5: HeapFree.KERNEL32(00000000,00000000), ref: 693CCBBB
                                                                                        • Part of subcall function 693CCBA5: GetLastError.KERNEL32(00000000,?,693DA020,00000000,00000000,00000000,00000000,?,693DA2C4,00000000,00000007,00000000,?,693D8081,00000000,00000000), ref: 693CCBCD
                                                                                      • _free.LIBCMT ref: 693D07A2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                      • String ID:
                                                                                      • API String ID: 1286116820-0
                                                                                      • Opcode ID: a8e782385b730e16a818f04956b84bf5ccc6b60cf19405d18923f19c401e752a
                                                                                      • Instruction ID: d1c5cae5194cd538730060bbde7408676a4b2525b99f7a46bca81d9294de8eb4
                                                                                      • Opcode Fuzzy Hash: a8e782385b730e16a818f04956b84bf5ccc6b60cf19405d18923f19c401e752a
                                                                                      • Instruction Fuzzy Hash: D251F377900209EBDB10DF68CD909AE7BBCFF82764B10426AF4A4A7180EB309E44CB51
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: _free
                                                                                      • String ID:
                                                                                      • API String ID: 269201875-0
                                                                                      • Opcode ID: 682aeeb13c5864bac8dd23ceed1d99794c12102c4d9f6ee4a7127d6f8536c45e
                                                                                      • Instruction ID: 029a735013b00e62c9b3fb21cf70dabe871be85748bc5e48a252d71f5ce291dc
                                                                                      • Opcode Fuzzy Hash: 682aeeb13c5864bac8dd23ceed1d99794c12102c4d9f6ee4a7127d6f8536c45e
                                                                                      • Instruction Fuzzy Hash: F441C17AA40A00EBDB14CF78C981A5EB7F5EF85314F1185AAE965EF241DB31AD01CB81
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: _free
                                                                                      • String ID:
                                                                                      • API String ID: 269201875-0
                                                                                      • Opcode ID: 9514c03c8d8314c7414f849ccc14be4b1e0ba29b34fcabce315d4b47c28ecd4b
                                                                                      • Instruction ID: c32196356ecd1eaeadccef4ef569aa5709982a80a80b4dab5730a1e676b18c27
                                                                                      • Opcode Fuzzy Hash: 9514c03c8d8314c7414f849ccc14be4b1e0ba29b34fcabce315d4b47c28ecd4b
                                                                                      • Instruction Fuzzy Hash: 1141C632604B00DFEB55CF69CA51B5577F0FF99324B10866DE48AD6290E732DA47CB40
                                                                                      APIs
                                                                                        • Part of subcall function 693E6D68: ReadFile.KERNEL32(00000028,00000000,0000001C,0000001C,00000000), ref: 693E6D8A
                                                                                        • Part of subcall function 693E6D68: GetLastError.KERNEL32(?,?,693E60D0,0000001C,00000000,00000028), ref: 693E6D94
                                                                                        • Part of subcall function 693E6D68: GetLastError.KERNEL32(?,?,693E60D0,0000001C,00000000,00000028), ref: 693E6D9F
                                                                                      • GetLastError.KERNEL32(?,0000001C,00000000,00000000), ref: 693E65B7
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$FileRead
                                                                                      • String ID: , observed $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io.cc$read$read: expected
                                                                                      • API String ID: 3644057887-3298404683
                                                                                      • Opcode ID: b3417d333fce315a6589c0dbccdbf6d7e465540103018ab3e5b4126b3addf5d7
                                                                                      • Instruction ID: b96f99fd634b982184ad4ace4df458ef51271b4bb2c802edc3509c8cd5edf584
                                                                                      • Opcode Fuzzy Hash: b3417d333fce315a6589c0dbccdbf6d7e465540103018ab3e5b4126b3addf5d7
                                                                                      • Instruction Fuzzy Hash: 8021273A6403243AEF249A69DD1AFAE7359EF0172CF50909AFA957A1C2DF3299424064
                                                                                      APIs
                                                                                        • Part of subcall function 693E6DDA: WriteFile.KERNEL32(0000001C,000000FF,693E6334,00000000,00000000), ref: 693E6DF1
                                                                                      • GetLastError.KERNEL32(?,000000FF,0000001C,00000001), ref: 693E66A2
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorFileLastWrite
                                                                                      • String ID: , observed $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io.cc$write$write: expected
                                                                                      • API String ID: 442123175-2204066763
                                                                                      • Opcode ID: b4e6e25886d9c578c54b539f425a57995ce87b26528244f2b8ecf085c338cea0
                                                                                      • Instruction ID: 49f6a5ea36f52054ed84b86286af121b9ec724684b7d99a3aa39b9c00f2bf8a2
                                                                                      • Opcode Fuzzy Hash: b4e6e25886d9c578c54b539f425a57995ce87b26528244f2b8ecf085c338cea0
                                                                                      • Instruction Fuzzy Hash: D2216D3A5403257BEF14EA65ED0AFAE3359DF0172CF40904AFA942A1C2DF335D424064
                                                                                      APIs
                                                                                      • GetEnvironmentStringsW.KERNEL32 ref: 693D7757
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 693D777A
                                                                                        • Part of subcall function 693CC844: HeapAlloc.KERNEL32(00000000,0000010C,00000004,?,693CC8A7,?,00000000,?,693D7B70,0000010C,00000004,?,0000010C,?,?,693CDB9D), ref: 693CC876
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 693D77A0
                                                                                      • _free.LIBCMT ref: 693D77B3
                                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 693D77C2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ByteCharEnvironmentMultiStringsWide$AllocFreeHeap_free
                                                                                      • String ID:
                                                                                      • API String ID: 2278895681-0
                                                                                      • Opcode ID: 537dcc780af265313ca48fff814ed32ad0889c413887de91e80088128f0f860e
                                                                                      • Instruction ID: 305d84b450f5aa348dd5c6a44d17ddb00bd7de33df04bf6e63108767dbedf5a1
                                                                                      • Opcode Fuzzy Hash: 537dcc780af265313ca48fff814ed32ad0889c413887de91e80088128f0f860e
                                                                                      • Instruction Fuzzy Hash: 780184B76016557B7B2245BA5C9CC7B3AFDEAC7AA13110929FD25D6200DB618C0581B0
                                                                                      APIs
                                                                                      • GetLastError.KERNEL32(00000000,00000000,00000000,693C60F1,00000000,?,?,693C6175,00000000,00000000,00000000,00000000,00000000,0000010C,693B22CA), ref: 693CFCA3
                                                                                      • _free.LIBCMT ref: 693CFCD8
                                                                                      • _free.LIBCMT ref: 693CFCFF
                                                                                      • SetLastError.KERNEL32(00000000,00000000,0000010C,693B22CA), ref: 693CFD0C
                                                                                      • SetLastError.KERNEL32(00000000,00000000,0000010C,693B22CA), ref: 693CFD15
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$_free
                                                                                      • String ID:
                                                                                      • API String ID: 3170660625-0
                                                                                      • Opcode ID: 99f1f38b490056cf6b2ef4b42fba619fe8dc75ff90abd49cba9cc6226a19c144
                                                                                      • Instruction ID: 56de48e880db2716c18e986f5f1ae6b7fbf0b2b94b12d1714931c8de415d2ad7
                                                                                      • Opcode Fuzzy Hash: 99f1f38b490056cf6b2ef4b42fba619fe8dc75ff90abd49cba9cc6226a19c144
                                                                                      • Instruction Fuzzy Hash: 8401F93A244E41F7DB1256686E4CE0B367DABC33BA3318025F860D2284DF328C05A173
                                                                                      APIs
                                                                                      • _free.LIBCMT ref: 693D9D85
                                                                                        • Part of subcall function 693CCBA5: HeapFree.KERNEL32(00000000,00000000), ref: 693CCBBB
                                                                                        • Part of subcall function 693CCBA5: GetLastError.KERNEL32(00000000,?,693DA020,00000000,00000000,00000000,00000000,?,693DA2C4,00000000,00000007,00000000,?,693D8081,00000000,00000000), ref: 693CCBCD
                                                                                      • _free.LIBCMT ref: 693D9D97
                                                                                      • _free.LIBCMT ref: 693D9DA9
                                                                                      • _free.LIBCMT ref: 693D9DBB
                                                                                      • _free.LIBCMT ref: 693D9DCD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                      • String ID:
                                                                                      • API String ID: 776569668-0
                                                                                      • Opcode ID: 0b8a99427f36f959c90a6e8ced54fe54f61c852f848083218442a9ca7dc2a0b8
                                                                                      • Instruction ID: 53209553841f4cf5959890ccb0158110522c9c4aa66804342c20621863c1af08
                                                                                      • Opcode Fuzzy Hash: 0b8a99427f36f959c90a6e8ced54fe54f61c852f848083218442a9ca7dc2a0b8
                                                                                      • Instruction Fuzzy Hash: 60F09032505B44DBDE40DF98F1A5C0B77EDBA813143608C0AF0B8E7600CB31FC848AA0
                                                                                      APIs
                                                                                        • Part of subcall function 693DF564: GetVersionExW.KERNEL32(0000011C), ref: 693DF59E
                                                                                        • Part of subcall function 693DF711: AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 693DF744
                                                                                        • Part of subcall function 693DF711: CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 693DF759
                                                                                        • Part of subcall function 693DF711: FreeSid.ADVAPI32(?), ref: 693DF769
                                                                                      • GetCurrentProcess.KERNEL32(00000008,?), ref: 693DF50F
                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 693DF516
                                                                                      • GetTokenInformation.ADVAPI32(?,00000012(TokenIntegrityLevel),?,00000004,00000000), ref: 693DF53A
                                                                                      • CloseHandle.KERNEL32(?), ref: 693DF547
                                                                                      • CloseHandle.KERNEL32(?), ref: 693DF553
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Token$CloseHandleProcess$AllocateCheckCurrentFreeInformationInitializeMembershipOpenVersion
                                                                                      • String ID:
                                                                                      • API String ID: 3927590866-0
                                                                                      • Opcode ID: 3124eb8e15bd92e09ccc9926a14e5685618e06f73040b2dc817ec6807f35e078
                                                                                      • Instruction ID: fa124134dffc2589473c1771dbdd971273909d0c7b495408c0faaa4d2129c2e0
                                                                                      • Opcode Fuzzy Hash: 3124eb8e15bd92e09ccc9926a14e5685618e06f73040b2dc817ec6807f35e078
                                                                                      • Instruction Fuzzy Hash: 35F08176910208FBDF10DFF08999BED7BBDAF05315F404091E914D2040D7314A0CEB21
                                                                                      APIs
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693AF453
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693AF45D
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                      • String ID: invalid string position$string too long
                                                                                      • API String ID: 909987262-4289949731
                                                                                      • Opcode ID: 371be3c3185086ddcce9dbd3e11d5f22dfd683de0259093e01c8f37b250b88e5
                                                                                      • Instruction ID: 97cc7bc56614d320abb8b9f86964f5bfa27dcf83b16185d389a3fa22955f6d5e
                                                                                      • Opcode Fuzzy Hash: 371be3c3185086ddcce9dbd3e11d5f22dfd683de0259093e01c8f37b250b88e5
                                                                                      • Instruction Fuzzy Hash: E351BD72604209DFCB14DF5DD8C085EB3E9FF943457204A2EE856CB2A0EB31E951DBA1
                                                                                      APIs
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693A684A
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693A6854
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                      • String ID: invalid string position$string too long
                                                                                      • API String ID: 909987262-4289949731
                                                                                      • Opcode ID: 85e5145867b740a5bd69649b624158b8638bda9c98b92a0173ef9a9d083e6254
                                                                                      • Instruction ID: 86bf025a7c5fbecb4742f0688c5ff5dab138aead196ba347952f790a6695f6fe
                                                                                      • Opcode Fuzzy Hash: 85e5145867b740a5bd69649b624158b8638bda9c98b92a0173ef9a9d083e6254
                                                                                      • Instruction Fuzzy Hash: 6551E2367142149FD724CF6CE89095AB7EEFF947687104A2EE4A6CB250DB31EC41C7A1
                                                                                      APIs
                                                                                      • _strpbrk.LIBCMT ref: 693D6B2D
                                                                                      • _free.LIBCMT ref: 693D6C4A
                                                                                        • Part of subcall function 693C6183: IsProcessorFeaturePresent.KERNEL32(00000017), ref: 693C6185
                                                                                        • Part of subcall function 693C6183: GetCurrentProcess.KERNEL32(C0000417,00000000,0000010C,693B22CA), ref: 693C61A7
                                                                                        • Part of subcall function 693C6183: TerminateProcess.KERNEL32(00000000), ref: 693C61AE
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Process$CurrentFeaturePresentProcessorTerminate_free_strpbrk
                                                                                      • String ID: *?$.
                                                                                      • API String ID: 2812119850-3972193922
                                                                                      • Opcode ID: 41fc6043a840425796afd405c4b571990f4f1fc6203f5ab5936051dd2d745751
                                                                                      • Instruction ID: ba3d0d2bc4d5805e36a9dfb60ae8c97de9c4083e7e4f61602f80a8e0d4062c4e
                                                                                      • Opcode Fuzzy Hash: 41fc6043a840425796afd405c4b571990f4f1fc6203f5ab5936051dd2d745751
                                                                                      • Instruction Fuzzy Hash: 9C51C676E04509EFDB04CFA9C991AADFBF5FF48318F248169D864E7340D736AA058B50
                                                                                      APIs
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693A793F
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693A7949
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                      • String ID: invalid string position$string too long
                                                                                      • API String ID: 909987262-4289949731
                                                                                      • Opcode ID: 6d25ce7d5c004a2378f24ee2f7f76a74a5bb7e011be073c45b74f42faeb12bcf
                                                                                      • Instruction ID: 4824c177c4cb2087819ca2b74874ceace55bbea899ce8c8b07289f1342dc9a1a
                                                                                      • Opcode Fuzzy Hash: 6d25ce7d5c004a2378f24ee2f7f76a74a5bb7e011be073c45b74f42faeb12bcf
                                                                                      • Instruction Fuzzy Hash: 1B51C036F102048FD724CE1CD8C195EB7AAFF91764B104A2EE4A6CB689D731EC41CBA1
                                                                                      APIs
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 693D5463
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 693D5478
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                      • String ID: R=i$R=i
                                                                                      • API String ID: 885266447-689079625
                                                                                      • Opcode ID: 527cf51b3f717ea8b7eb850ae553d25548296c70f6cdadd913d74db8ee74d577
                                                                                      • Instruction ID: 875ebbc16b5553eb5889a6aad14b6f2a50f4bb00f8639960bd72ba01b245e962
                                                                                      • Opcode Fuzzy Hash: 527cf51b3f717ea8b7eb850ae553d25548296c70f6cdadd913d74db8ee74d577
                                                                                      • Instruction Fuzzy Hash: 5D51AD32A04248AFCB04CF98C9A0EAEBBF2FF84324F19C259E818D7365D7719915CB41
                                                                                      APIs
                                                                                        • Part of subcall function 693B3390: Sleep.KERNEL32(00000000), ref: 693B33D2
                                                                                      • AcquireSRWLockExclusive.KERNEL32(00000000,00000001,0000000F), ref: 693B5480
                                                                                      • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 693B54E5
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: ExclusiveLock$AcquireReleaseSleep
                                                                                      • String ID: Of;i$Of;i
                                                                                      • API String ID: 190390962-3347684999
                                                                                      • Opcode ID: b8f8c70f072879c1cd4019782f26e13131b00b2400e4b14634dabb642ca22da9
                                                                                      • Instruction ID: 9bc448dafd9eae7ac68757cd5d1357470cfe6d1281ce37b59db572b3a629c2b3
                                                                                      • Opcode Fuzzy Hash: b8f8c70f072879c1cd4019782f26e13131b00b2400e4b14634dabb642ca22da9
                                                                                      • Instruction Fuzzy Hash: 8D419EB6A007058BDB10CF69D48475ABBF9FB98315F10867ED46ADBB84DB71E904CB80
                                                                                      APIs
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693A6A09
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693A6A13
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                      • String ID: invalid string position$string too long
                                                                                      • API String ID: 909987262-4289949731
                                                                                      • Opcode ID: 359615f5930396163da9b79b2aef220791838840dcca98c5834cad222713b989
                                                                                      • Instruction ID: ad1bae2b0d931f0fdde9eeec102d757246bf3f6ad0ec621c0e8fb52464590b83
                                                                                      • Opcode Fuzzy Hash: 359615f5930396163da9b79b2aef220791838840dcca98c5834cad222713b989
                                                                                      • Instruction Fuzzy Hash: 3D31E5363106149FD724CF5DD880A5EB7EAFFD166CB208A2EE5A5CB390C731E84187A1
                                                                                      APIs
                                                                                      • new.LIBCMT ref: 693A1F48
                                                                                        • Part of subcall function 693A1E30: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 693A1E54
                                                                                      • CreateFileW.KERNEL32(?,00000004,00000003,00000000,00000004,00000080,00000000), ref: 693A1F81
                                                                                      • CreateFileW.KERNEL32(?,00000004,00000003,00000000,00000004,00000080,00000000), ref: 693A2032
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$Create$ModuleName
                                                                                      • String ID: debug.log
                                                                                      • API String ID: 253491666-600467936
                                                                                      • Opcode ID: dd08a8f312bb9e6f066bea54f56dbf32ca8bd68a268805ee59edd7160f17ac93
                                                                                      • Instruction ID: 32a9b907b8dde23a17199ee04789c36aabc275304043aeec0da1b1f65b7af456
                                                                                      • Opcode Fuzzy Hash: dd08a8f312bb9e6f066bea54f56dbf32ca8bd68a268805ee59edd7160f17ac93
                                                                                      • Instruction Fuzzy Hash: 2941DFB4A00244ABDF14DFB0DD45BAE77B8FF01318F208219E922EB2E0DB759905CB49
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Gp;i$ZZ;i
                                                                                      • API String ID: 0-2352201578
                                                                                      • Opcode ID: 3992e1e19c36011cdd093f6dea84fb7bdf1395c4627eeea15b698b07ac78f8ae
                                                                                      • Instruction ID: ac39e04877012aa66693ecef8331d89fe0dee75d91d98e74414b9f53012e0447
                                                                                      • Opcode Fuzzy Hash: 3992e1e19c36011cdd093f6dea84fb7bdf1395c4627eeea15b698b07ac78f8ae
                                                                                      • Instruction Fuzzy Hash: 2641AB76E0060A9FCB04CF99D88059EF7B6FF96304B14856AC519EBB04DB31BA01CBC0
                                                                                      APIs
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693A501A
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693A5024
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                      • String ID: invalid string position$string too long
                                                                                      • API String ID: 909987262-4289949731
                                                                                      • Opcode ID: e84b46c2cc21b56d2ef370cf72af172c2b7b24eabb79935884fd7c977f3e3518
                                                                                      • Instruction ID: c36610d9e1dc0f6a94a4e16eb2808122e2c98bd4f148d694540ea12ea978330c
                                                                                      • Opcode Fuzzy Hash: e84b46c2cc21b56d2ef370cf72af172c2b7b24eabb79935884fd7c977f3e3518
                                                                                      • Instruction Fuzzy Hash: 8A31EF363002008FD728CE6DE880A5EF3A9FFA1725B105A2EF592CB681C771D84187A6
                                                                                      APIs
                                                                                      Strings
                                                                                      • DeleteFile , xrefs: 693E43C1
                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 693E4392
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: DeleteErrorFileLast
                                                                                      • String ID: DeleteFile $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                      • API String ID: 2018770650-2174402464
                                                                                      • Opcode ID: 8b0f0b659ae1a950e5e53e6cb23cef4fd20b8e794586b771fab7a4dd2f20698e
                                                                                      • Instruction ID: 6263a5671fd907086bd9ab51360b818b74d14aa6db734981392edcf1f3aa4e53
                                                                                      • Opcode Fuzzy Hash: 8b0f0b659ae1a950e5e53e6cb23cef4fd20b8e794586b771fab7a4dd2f20698e
                                                                                      • Instruction Fuzzy Hash: 09317275E00209ABDF04DFA5EC95FAEB7BCEF04314F10902AF561A7190EB35AA46CB50
                                                                                      APIs
                                                                                      • GetModuleFileNameW.KERNEL32(?,?,"R<i,00000001,00000000,?,693C5222,?,?,00000104), ref: 693C5134
                                                                                      • GetLastError.KERNEL32(?,693C5222,?,?,00000104), ref: 693C514B
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorFileLastModuleName
                                                                                      • String ID: "R<i$3
                                                                                      • API String ID: 2776309574-179744307
                                                                                      • Opcode ID: e8a3b099892b19a627bb1f50fb09e82ccb97c0de081bf1bacc8d994e889ac7c5
                                                                                      • Instruction ID: 7c4c0c66937edb195b26300d0da51a846c12368a4b8575e70aaeff3465aca513
                                                                                      • Opcode Fuzzy Hash: e8a3b099892b19a627bb1f50fb09e82ccb97c0de081bf1bacc8d994e889ac7c5
                                                                                      • Instruction Fuzzy Hash: 822149365C8D5C8ACA11DE3D868A7C57BA7EA7130C7C0315AC4F28B00BC72184838B8A
                                                                                      APIs
                                                                                        • Part of subcall function 693E674E: CloseHandle.KERNEL32(000000FF), ref: 693E6761
                                                                                        • Part of subcall function 693E674E: GetLastError.KERNEL32(?,00000000), ref: 693E677A
                                                                                      • DeleteFileW.KERNEL32(?), ref: 693E4612
                                                                                      • GetLastError.KERNEL32 ref: 693E4631
                                                                                      Strings
                                                                                      • DeleteFile , xrefs: 693E466F
                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 693E463D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$CloseDeleteFileHandle
                                                                                      • String ID: DeleteFile $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                      • API String ID: 1758595503-2174402464
                                                                                      • Opcode ID: e03fe0ee6fd0beec1f2f24f4d4051b5919e345cf2c7d0911ad23e4146ebbd0c5
                                                                                      • Instruction ID: 5ad07573632d69b9cd3c59bb1b80ee022df57e32b07d16f5676f9b2d64b02f0d
                                                                                      • Opcode Fuzzy Hash: e03fe0ee6fd0beec1f2f24f4d4051b5919e345cf2c7d0911ad23e4146ebbd0c5
                                                                                      • Instruction Fuzzy Hash: 9321F176A00218AFDB10DFA5EC4AFEEB3BCEF49324F10416AE591A7180DB35AD05C764
                                                                                      APIs
                                                                                      • __vwprintf_l.LIBCMT ref: 693E6A12
                                                                                      • GetLastError.KERNEL32(?,?,00000000,00000000), ref: 693E6A2F
                                                                                      Strings
                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 693E6A3C
                                                                                      • CreateFile , xrefs: 693E6A6A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorLast__vwprintf_l
                                                                                      • String ID: CreateFile $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                      • API String ID: 3407089876-2132845161
                                                                                      • Opcode ID: 8ae0a8d73e0a76fc04066ae294ce7216cbe2736ef299bb80e1be91e3aad1f3b9
                                                                                      • Instruction ID: 778170b267cbba7f3dbd8f6fff1a30036d775abb4290a60825a40b9965e40434
                                                                                      • Opcode Fuzzy Hash: 8ae0a8d73e0a76fc04066ae294ce7216cbe2736ef299bb80e1be91e3aad1f3b9
                                                                                      • Instruction Fuzzy Hash: 2D110576E003086EDF00DBB4DC46FAE73A8EB04318F50811AF965A71C1EB329D048265
                                                                                      APIs
                                                                                      • UnlockFileEx.KERNEL32(?,00000000,?,?,?), ref: 693E3E55
                                                                                      • GetLastError.KERNEL32(?,00000000,?,?,?), ref: 693E3E6E
                                                                                      Strings
                                                                                      • UnlockFileEx, xrefs: 693E3E8E
                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 693E3E7B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorFileLastUnlock
                                                                                      • String ID: UnlockFileEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                      • API String ID: 3655728120-672186346
                                                                                      • Opcode ID: b5e4940044906f7fb841edd705fc2c7fcbbb304bbfd98430b6267da26bd66c08
                                                                                      • Instruction ID: 6ee0ae8ef7338fc0f1baed1ee71f4aa654e8674955b68a30bd151747fc8b3dce
                                                                                      • Opcode Fuzzy Hash: b5e4940044906f7fb841edd705fc2c7fcbbb304bbfd98430b6267da26bd66c08
                                                                                      • Instruction Fuzzy Hash: 2611E33A5002156EE720DFB9DC51BABB7B8EB81718F10496FE1D5A21E0DB3259458660
                                                                                      APIs
                                                                                      • LockFileEx.KERNEL32(00000000,00000000,00000000,000000FF,000000FF,?,0000001C,0000001C,00000000), ref: 693E67FA
                                                                                      • GetLastError.KERNEL32 ref: 693E6810
                                                                                      Strings
                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 693E681C
                                                                                      • LockFileEx, xrefs: 693E682F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorFileLastLock
                                                                                      • String ID: LockFileEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                      • API String ID: 1811722133-1010764315
                                                                                      APIs
                                                                                      • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 693E6AEE
                                                                                      • GetLastError.KERNEL32 ref: 693E6B07
                                                                                      Strings
                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 693E6B13
                                                                                      • SetFilePointerEx, xrefs: 693E6B26
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorFileLastPointer
                                                                                      • String ID: SetFilePointerEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                      • API String ID: 2976181284-399997206
                                                                                      APIs
                                                                                      • CanOfferRelaunch.GCAPI(?,?,?,?), ref: 693E052C
                                                                                        • Part of subcall function 693B3FC0: RegCreateKeyExW.ADVAPI32(00000202,?,00000000,00000000,00000000,?,00000000,?), ref: 693B3FFA
                                                                                        • Part of subcall function 693B3FC0: RegCloseKey.ADVAPI32 ref: 693B400D
                                                                                        • Part of subcall function 693B43A0: RegSetValueExW.ADVAPI32 ref: 693B43E1
                                                                                        • Part of subcall function 693DF147: GetLocalTime.KERNEL32(?), ref: 693DF15F
                                                                                        • Part of subcall function 693B4370: RegSetValueExW.ADVAPI32 ref: 693B4390
                                                                                      Strings
                                                                                      • Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}, xrefs: 693E0542
                                                                                      • RelaunchAllowedAfter, xrefs: 693E0575
                                                                                      • RelaunchBrandcode, xrefs: 693E055E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: Value$CloseCreateLocalOfferRelaunchTime
                                                                                      • String ID: RelaunchAllowedAfter$RelaunchBrandcode$Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
                                                                                      • API String ID: 4093175577-67220017
                                                                                      APIs
                                                                                      • UnlockFileEx.KERNEL32(000000FF,00000000,000000FF,000000FF,?,00000000,00000000), ref: 693E6C5B
                                                                                      • GetLastError.KERNEL32 ref: 693E6C72
                                                                                      Strings
                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 693E6C7F
                                                                                      • UnlockFileEx, xrefs: 693E6C92
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorFileLastUnlock
                                                                                      • String ID: UnlockFileEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                      • API String ID: 3655728120-168028389
                                                                                      APIs
                                                                                      • _UnwindNestedFrames.LIBCMT ref: 693C2F2F
                                                                                      • ___FrameUnwindToState.LIBVCRUNTIME ref: 693C2F41
                                                                                      • CallCatchBlock.LIBVCRUNTIME ref: 693C2F65
                                                                                        • Part of subcall function 693C3549: ___AdjustPointer.LIBCMT ref: 693C3596
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: Unwind$AdjustBlockCallCatchFrameFramesNestedPointerState
                                                                                      • String ID: &3<i
                                                                                      • API String ID: 4287930071-3316503604
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: __alldvrm$_strrchr
                                                                                      • String ID:
                                                                                      • API String ID: 1036877536-0
                                                                                      APIs
                                                                                      • OutputDebugStringA.KERNEL32(?), ref: 693A2481
                                                                                      • WriteFile.KERNEL32(?,?,?,00000000), ref: 693A24FF
                                                                                      • SetLastError.KERNEL32(?,?,00000000), ref: 693A25AF
                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 693A25C6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugErrorFileIos_base_dtorLastOutputStringWritestd::ios_base::_
                                                                                      • String ID:
                                                                                      • API String ID: 3426912829-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: _free
                                                                                      • String ID:
                                                                                      • API String ID: 269201875-0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      APIs
                                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,08A8C445,00000008,00000000,00000000,693B00E9,00000000,-00000018,?,00000001,00000008,08A8C445,00000001,693B00E9,00000001), ref: 693D4C35
                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 693D4CBE
                                                                                      • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 693D4CD0
                                                                                      • __freea.LIBCMT ref: 693D4CD9
                                                                                        • Part of subcall function 693CC844: HeapAlloc.KERNEL32(00000000,0000010C,00000004,?,693CC8A7,?,00000000,?,693D7B70,0000010C,00000004,?,0000010C,?,?,693CDB9D), ref: 693CC876
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: ByteCharMultiWide$AllocHeapStringType__freea
                                                                                      • String ID:
                                                                                      • API String ID: 573072132-0
                                                                                      APIs
                                                                                      • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?,00000001,?,?,?,?,?,?,?,693E0690), ref: 693B2F5B
                                                                                      • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,693E0690), ref: 693B2F6F
                                                                                      • SystemTimeToFileTime.KERNEL32(?,00000001,00000001,?,?,?,?,?,?,?,693E0690), ref: 693B2F83
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 693B2FBD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: Time$System$File$LocalSpecificUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                      • String ID:
                                                                                      • API String ID: 1393065386-0
                                                                                      APIs
                                                                                      • GetSystemTimeAsFileTime.KERNEL32(00000000,00000000,00000000), ref: 693C1409
                                                                                      • GetCurrentThreadId.KERNEL32 ref: 693C1418
                                                                                      • GetCurrentProcessId.KERNEL32 ref: 693C1421
                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 693C142E
                                                                                      Similarity
                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                      • String ID:
                                                                                      • API String ID: 2933794660-0
                                                                                      APIs
                                                                                      • ReadFile.KERNEL32(00000028,00000000,0000001C,0000001C,00000000), ref: 693E6D8A
                                                                                      • GetLastError.KERNEL32(?,?,693E60D0,0000001C,00000000,00000028), ref: 693E6D94
                                                                                      • GetLastError.KERNEL32(?,?,693E60D0,0000001C,00000000,00000028), ref: 693E6D9F
                                                                                      • GetFileType.KERNEL32 ref: 693E6DBB
                                                                                      Similarity
                                                                                      • API ID: ErrorFileLast$ReadType
                                                                                      • String ID:
                                                                                      • API String ID: 2855922492-0
                                                                                      APIs
                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 693E6761
                                                                                      • GetLastError.KERNEL32(?,00000000), ref: 693E677A
                                                                                      Strings
                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 693E6787
                                                                                      • CloseHandle, xrefs: 693E679A
                                                                                      Similarity
                                                                                      • API ID: CloseErrorHandleLast
                                                                                      • String ID: CloseHandle$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                      • API String ID: 918212764-2138661059
                                                                                      APIs
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693A4BF6
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693A4C00
                                                                                      Similarity
                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                      • String ID: string too long
                                                                                      • API String ID: 909987262-2556327735
                                                                                      APIs
                                                                                      • __startOneArgErrorHandling.LIBCMT ref: 693CCA2D
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: ErrorHandling__start
                                                                                      • String ID: pow
                                                                                      • API String ID: 3213639722-2276729525
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: invalid string position$string too long
                                                                                      • API String ID: 0-4289949731
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: invalid string position$string too long
                                                                                      • API String ID: 0-4289949731
                                                                                      APIs
                                                                                      • GoogleChromeDaysSinceLastRun.GCAPI ref: 693DFDBB
                                                                                      Strings
                                                                                      • Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}, xrefs: 693DFDDE
                                                                                      • RelaunchAllowedAfter, xrefs: 693DFDF8
                                                                                      Similarity
                                                                                      • API ID: ChromeDaysGoogleLastSince
                                                                                      • String ID: RelaunchAllowedAfter$Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
                                                                                      • API String ID: 2052684696-26780984
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: dmp$reports
                                                                                      • API String ID: 0-1316949204
                                                                                      APIs
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693A4E2C
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                      • String ID: invalid string position$string too long
                                                                                      • API String ID: 909987262-4289949731
                                                                                      APIs
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693A4A86
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                      • String ID: invalid string position$string too long
                                                                                      • API String ID: 909987262-4289949731
                                                                                      APIs
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693B0B4C
                                                                                        • Part of subcall function 693BFC11: std::invalid_argument::invalid_argument.LIBCONCRT ref: 693BFC1D
                                                                                        • Part of subcall function 693BFC11: __CxxThrowException@8.LIBVCRUNTIME ref: 693BFC2B
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: Exception@8ThrowXinvalid_argumentstd::_std::invalid_argument::invalid_argument
                                                                                      • String ID: ,$vector<T> too long
                                                                                      • API String ID: 1419379543-2403322092
                                                                                      APIs
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693AA70A
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693AA714
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                      • String ID: string too long
                                                                                      • API String ID: 909987262-2556327735
                                                                                      APIs
                                                                                      • GetClassNameW.USER32(?,?,00000104), ref: 693DF0B2
                                                                                      • SetWindowPos.USER32(?,?,?,?,?,?,?), ref: 693DF105
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: ClassNameWindow
                                                                                      • String ID: Chrome_WidgetWin_
                                                                                      • API String ID: 697123166-524248775
                                                                                      APIs
                                                                                      • CoCreateInstance.OLE32(693F8238,00000000,00000001,693F6804,00000000), ref: 693E136D
                                                                                        • Part of subcall function 693BC8D0: SysAllocString.OLEAUT32(?), ref: 693BC8D9
                                                                                        • Part of subcall function 693BC8F0: SysFreeString.OLEAUT32(?), ref: 693BC8F2
                                                                                      • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 693E13BE
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: String$AllocBlanketCreateFreeInstanceProxy
                                                                                      • String ID: ROOT\CIMV2
                                                                                      • API String ID: 2036101689-2786109267
                                                                                      • Opcode ID: 4282ec0511483f052ca581f479fa4e759a9f69c51d36d637ec0763e32fef2130
                                                                                      • Instruction ID: 62e8a24c1b16ad92f6f5b222b9aac65a7a5d2826cd7a03ec4e5b4673139547b8
                                                                                      • Opcode Fuzzy Hash: 4282ec0511483f052ca581f479fa4e759a9f69c51d36d637ec0763e32fef2130
                                                                                      • Instruction Fuzzy Hash: 1E213B70A01218FFDB11CFA5C890AAEBB7CFF05758F1085AAE815AB240D6729E01DB50
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                      • String ID: list<T> too long
                                                                                      • API String ID: 909987262-4027344264
                                                                                      • Opcode ID: 97dfe52c90b806336e2add8f023ff114c5279f84687f50c9147e68c5f3eccd51
                                                                                      • Instruction ID: 8041ea20dc09c2ee34cd5a373ed2afeebbdeb5cbc64a4cd09211950fd66915af
                                                                                      • Opcode Fuzzy Hash: 97dfe52c90b806336e2add8f023ff114c5279f84687f50c9147e68c5f3eccd51
                                                                                      • Instruction Fuzzy Hash: 4E11BF7AA002099BCB00CF58C640589F7F5FF95710B14C669D818EB704D731ED02CB81
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                      • String ID: list<T> too long
                                                                                      • API String ID: 909987262-4027344264
                                                                                      • Opcode ID: 9843be237af1fad2bfae8d7a1aed749bf3d5d9cd841bd466bbd800313c86ae6a
                                                                                      • Instruction ID: c621c43b3d948719299b25798179fb9db9698ca1c1a2f0d8b9c0756ec0decfac
                                                                                      • Opcode Fuzzy Hash: 9843be237af1fad2bfae8d7a1aed749bf3d5d9cd841bd466bbd800313c86ae6a
                                                                                      • Instruction Fuzzy Hash: EA119ABAA01205DFCB24CF68D540A4AB7E9FF59304B1885A9E948DF705D372ED41CBD1
                                                                                      APIs
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693AA64E
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693AA658
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                      • String ID: string too long
                                                                                      • API String ID: 909987262-2556327735
                                                                                      • Opcode ID: 144b33c313c712bcf017ef5aa177c9b8aefedbc78e257eacb46bbaba94d08db8
                                                                                      • Instruction ID: 0cb1d754f2f4d7353303b97bfae45a4b020b9caeb774deac040157ea32ba030a
                                                                                      • Opcode Fuzzy Hash: 144b33c313c712bcf017ef5aa177c9b8aefedbc78e257eacb46bbaba94d08db8
                                                                                      • Instruction Fuzzy Hash: E01136373083104B8634AE9CF80081AB3A6FFE07717001A2FE596C7660DB32E4118BA5
                                                                                      APIs
                                                                                      • QueryPerformanceFrequency.KERNEL32(?), ref: 693B32AE
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: FrequencyPerformanceQuery
                                                                                      • String ID: AuthenticAMD$n3;i
                                                                                      • API String ID: 4204123506-3299311725
                                                                                      • Opcode ID: 9bb75241fed7b5425afb3ed42b94a7fd8b0934e9fa2bb507a1f671e3f9969289
                                                                                      • Instruction ID: 9f5488127b10c2c4943da6049ddf473a685e49d60437ab60a69cc91a812ac715
                                                                                      • Opcode Fuzzy Hash: 9bb75241fed7b5425afb3ed42b94a7fd8b0934e9fa2bb507a1f671e3f9969289
                                                                                      • Instruction Fuzzy Hash: 6A21A135D012689BDF10DFE8C840AEEBBB9FF26304F10421AE815BF654DB319984CB81
                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 693BD184
                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 693BD195
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: AddressHandleModuleProc
                                                                                      • String ID: kernel32.dll
                                                                                      • API String ID: 1646373207-1793498882
                                                                                      • Opcode ID: b80c00cd517fde08ed0fd8cbdde0685754947d39173a28679f4d1cea705862c8
                                                                                      • Instruction ID: ac573282f9e6bd4252d54caa5e6fdb4fe7289a056fd359be642682179b8994b2
                                                                                      • Opcode Fuzzy Hash: b80c00cd517fde08ed0fd8cbdde0685754947d39173a28679f4d1cea705862c8
                                                                                      • Instruction Fuzzy Hash: 980184B5A00209BAEF509E99DC04BEE7BBCFB81654F100096EC28DB144DB71DA05C761
                                                                                      APIs
                                                                                      • UuidCreate.RPCRT4(?), ref: 693E6431
                                                                                        • Part of subcall function 693A2340: GetLastError.KERNEL32(?,00000000), ref: 693A23D6
                                                                                      Strings
                                                                                      • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\misc\uuid.cc, xrefs: 693E644B
                                                                                      • UuidCreate, xrefs: 693E645F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateErrorLastUuid
                                                                                      • String ID: UuidCreate$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\misc\uuid.cc
                                                                                      • API String ID: 3740028514-535133227
                                                                                      • Opcode ID: 3495fb454f8f0830924d0a5b71f6b115a024956c51c9258b353b3a6bac869972
                                                                                      • Instruction ID: ac1272aaf537a5f9cf646b50935f89d78e42b36c2d5b499c7c2f010e1baafb9b
                                                                                      • Opcode Fuzzy Hash: 3495fb454f8f0830924d0a5b71f6b115a024956c51c9258b353b3a6bac869972
                                                                                      • Instruction Fuzzy Hash: EC01D8795002089BDB10DF64ED41FEF73A8DF06318F00915AE956A7181CE73690A8A64
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 2>i$p<i
                                                                                      • API String ID: 0-2569173935
                                                                                      • Opcode ID: 9f631a5b8ff20e4a7917d23a56ca9a7b26dfe368fbec0958b25dc3047a26a4ea
                                                                                      • Instruction ID: 5e20b524b800ee90a3d0689a558705e025185ccb5f533738d01f10a9574cf4bf
                                                                                      • Opcode Fuzzy Hash: 9f631a5b8ff20e4a7917d23a56ca9a7b26dfe368fbec0958b25dc3047a26a4ea
                                                                                      • Instruction Fuzzy Hash: 07F0F037618148AADB148B94C829ABA33BCEB05700F40406AFC98CB5C0F6308E95C365
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: _free
                                                                                      • String ID: 9I
                                                                                      • API String ID: 269201875-3330861948
                                                                                      • Opcode ID: 4d1de117455d90788734a629fb250d569cfff077bd8ba18aae57f9a6d946240e
                                                                                      • Instruction ID: 5fc0e7233f8b13ab8dca1212394236c8631d5ee1658a771db7559c65d61d87f5
                                                                                      • Opcode Fuzzy Hash: 4d1de117455d90788734a629fb250d569cfff077bd8ba18aae57f9a6d946240e
                                                                                      • Instruction Fuzzy Hash: 68E0A07A686D10D0E5A2513A2D1166F2A994BC333CB51921BF4B8971C0DF684D5690A7
                                                                                      APIs
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693A4E2C
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      • Associated: 00000002.00000002.741546843.00000000693A0000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741598499.00000000693EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741612661.00000000693FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741619325.0000000069401000.00000002.00000001.01000000.00000007.sdmp
                                                                                      • Associated: 00000002.00000002.741632515.0000000069403000.00000002.00000001.01000000.00000007.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_693a0000_f_0002b5.jbxd
                                                                                      Similarity
                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                      • String ID: invalid string position$string too long
                                                                                      • API String ID: 909987262-4289949731
                                                                                      • Opcode ID: 5b1e626a02266b34ba09b5e93e6a61ea72fcf7b5261546a3c2cad320cbef5d73
                                                                                      • Instruction ID: fa218b645a606ba3251b63aeae58719a35ea562cbf30daaa547099427fb0b467
                                                                                      • Opcode Fuzzy Hash: 5b1e626a02266b34ba09b5e93e6a61ea72fcf7b5261546a3c2cad320cbef5d73
                                                                                      • Instruction Fuzzy Hash: 69D05E3C6001083B0718EA8ADCC0C4EB2AD6B28144780B014FF459B689CA70DA826A61
                                                                                      APIs
                                                                                      • GetOEMCP.KERNEL32(00000000,693D7329,?,?,?), ref: 693D70CB
                                                                                      • GetACP.KERNEL32(00000000,693D7329,?,?,?), ref: 693D70E2
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: )s=i
                                                                                      • API String ID: 0-4098848995
                                                                                      APIs
                                                                                      • GetModuleFileNameW.KERNEL32(?,?,"R<i,00000001,00000000,?,693C5222,?,?,00000104), ref: 693C5134
                                                                                      • GetLastError.KERNEL32(?,693C5222,?,?,00000104), ref: 693C514B
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: ErrorFileLastModuleName
                                                                                      • String ID: "R<i
                                                                                      • API String ID: 2776309574-64676468
                                                                                      APIs
                                                                                        • Part of subcall function 693E2CC2: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,693E747F,?,?,?,693A133F), ref: 693E2CC7
                                                                                        • Part of subcall function 693E2CC2: GetLastError.KERNEL32(?,693E747F,?,?,?,693A133F), ref: 693E2CD1
                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,693A133F), ref: 693E7483
                                                                                      • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,693A133F), ref: 693E7492
                                                                                      Strings
                                                                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 693E748D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                      • API String ID: 450123788-631824599
                                                                                      APIs
                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 693E5C2E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Xinvalid_argumentstd::_
                                                                                      • String ID: T>i$vector<T> too long
                                                                                      • API String ID: 909987262-1191800796
                                                                                      APIs
                                                                                      • std::invalid_argument::invalid_argument.LIBCONCRT ref: 693BFC3D
                                                                                        • Part of subcall function 693BFBB2: std::exception::exception.LIBCONCRT ref: 693BFBBF
                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 693BFC4B
                                                                                        • Part of subcall function 693C2BD6: RaiseException.KERNEL32(?,?,?,693C13B7,00000000,00000000,00000000,?,?,?,?,?,693C13B7,?,693FB2E0), ref: 693C2C35
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: ExceptionException@8RaiseThrowstd::exception::exceptionstd::invalid_argument::invalid_argument
                                                                                      • String ID: Unknown exception
                                                                                      • API String ID: 1586462112-410509341
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CommandLine
                                                                                      • String ID: (,D
                                                                                      • API String ID: 3253501508-2174689389
                                                                                      APIs
                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,?), ref: 693D4407
                                                                                      • GetLastError.KERNEL32 ref: 693D4415
                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 693D4470
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.741555117.00000000693A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 693A0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: ByteCharMultiWide$ErrorLast
                                                                                      • String ID:
                                                                                      • API String ID: 1717984340-0